Stakeholder Update Drafter

Security checks across malware telemetry and agentic risk

Overview

This skill is mainly a local stakeholder-update draft generator, with some dormant audit code that should be documented or removed but does not run in the shipped configuration.

Install only if you are comfortable with a local Python helper processing files you choose and writing an output file you specify. Avoid using sensitive project materials unless they are appropriate for a stakeholder update. The publisher should ideally remove or clearly document the dormant audit helpers to reduce ambiguity.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (6)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 88%
Finding
The skill declares no permissions, yet its instructions explicitly allow executing `python3` and imply reading local resources and writing output files. This creates a capability/permission mismatch that can lead to unintended file access or shell execution under a seemingly low-risk communication skill, reducing transparency and reviewability for users and policy systems.

Description-Behavior Mismatch

High
Confidence: 98%
Finding
The skill metadata says it drafts stakeholder-specific project updates, but the entrypoint dispatches into generic auditing modes such as directory, CSV, pattern, and skill audits. This scope mismatch is dangerous because users may grant this skill access to project files expecting communication assistance, while it actually performs broader inspection and reporting on local content.

Context-Inappropriate Capability

High
Confidence: 99%
Finding
The script contains repository scanning and regex-based security pattern detection that are not justified by a stakeholder-update drafting use case. In this context, adding hidden analysis capabilities expands data access and can expose sensitive code, secrets, or internal paths during operation or in generated reports.

Context-Inappropriate Capability

Medium
Confidence: 95%
Finding
The directory reporting logic recursively enumerates arbitrary files and extracts content such as Markdown headings, which exceeds the justified scope of drafting stakeholder communications. This broader filesystem access increases the chance of collecting unrelated or sensitive information from repositories and turning it into report output.

Description-Behavior Mismatch

Medium
Confidence: 93%
Finding
The report generator is generic and spec-driven, not specifically implementing the promised boss/client/execution/risk-transparent variants. That mismatch can mislead users about what outputs they will get and conceal that the tool behavior is controlled by an external spec rather than the declared stakeholder communication logic.

Natural-Language Policy Violations

Medium
Confidence: 90%
Finding
The template is entirely written in Chinese and instructs users to fill sections in that language without any indication that output language should follow user preference. This can cause unintended language override, reduce usability for non-Chinese users, and lead to miscommunication in stakeholder updates where precise audience-appropriate wording matters.

VirusTotal

65/65 vendors flagged this skill as clean.