Back to skill

Security audit

Dependency Upgrade Briefing

Security checks across malware telemetry and agentic risk

Overview

This is a local helper for drafting dependency-upgrade briefings, with no evidence of hidden network access, credential use, persistence, or destructive behavior.

Install only if you are comfortable letting the skill process local files you explicitly provide. Prefer dry-run or stdout for quick drafts, check output paths before writing files, and avoid feeding sensitive business details unless they are needed for the briefing.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
84% confidence
Finding
The skill declares no permissions, yet its instructions explicitly allow running `python3` and imply reading templates/specs and writing output files. This creates a capability/permission mismatch that can mislead reviewers and policy enforcement, making shell execution and file access available without transparent declaration.

Description-Behavior Mismatch

High
Confidence
95% confidence
Finding
The script’s dispatcher supports multiple unrelated audit modes such as directory, CSV, pattern, and skill auditing, which materially exceeds the declared purpose of a dependency-upgrade briefing skill. This scope mismatch can be abused to inspect arbitrary local content and generate reports on repositories or files the user did not intend this skill to analyze, increasing data exposure and violating least functionality.

Context-Inappropriate Capability

Medium
Confidence
88% confidence
Finding
The built-in pattern scanner searches arbitrary files for secrets, private URLs, and dangerous shell fragments even though the skill is described as a dependency-upgrade briefing tool. That creates an unnecessary file-inspection capability that could surface sensitive snippets from local repositories and broaden the skill into a generic security scanner without clear user consent.

Context-Inappropriate Capability

Medium
Confidence
86% confidence
Finding
The skill_audit function performs generic repository compliance checks for skill packaging files unrelated to dependency upgrade analysis. In a mismatched skill context, this constitutes excess capability that can enumerate project structure and metadata, which may expose internal repository details and indicates the shipped code does not match the declared behavior.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The trigger examples are broad natural-language requests such as asking whether a dependency upgrade is worth doing or requesting a business impact explanation. In a skill-routing system, this can cause unintended invocation on ordinary discussion prompts, leading the agent to apply this skill in contexts the user did not explicitly request, which may skew outputs or bypass more appropriate workflows.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.