teacher-prep

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed teacher lesson-prep skill that searches Tavily and creates local Markdown, PowerPoint, and Word teaching files.

Install if you want an agent to research lesson material with Tavily and create teaching documents locally. Use a scoped Tavily key, avoid sensitive student or proprietary details in prompts, run it in a dedicated folder, and review generated classroom materials before use.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (2)

Missing User Warnings

Medium

Confidence: 87% confidence
Finding: The skill automatically creates and saves multiple local files, but the description does not clearly warn the user up front that artifacts will be written to disk. This can surprise users, cause unintended data persistence, overwrite existing files with similar names, or leave sensitive lesson content stored locally without informed consent.

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The workflow sends lesson-request content to Tavily for external search, but the skill description does not warn users that their prompts or lesson details may leave the local environment. Even in an education context, requests may contain unpublished curriculum materials, student-related context, or other sensitive instructional data that should not be transmitted without clear notice.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal