Adversarial Prompting

Security checks across malware telemetry and agentic risk

Overview

This skill is an analysis helper that clearly saves its generated output locally, with no evidence of exfiltration, credential access, destructive actions, or hidden persistence.

Install only if you are comfortable with generated analyses being saved as markdown files in your home directory. Avoid using it with secrets, confidential business details, or personal data unless you plan to delete the exported file afterward or instruct the agent to skip the export step.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 95%
Finding: The skill instructs automatic export of analysis output to a markdown file, which is a file-write capability not declared in the manifest. Undeclared write behavior breaks the principle of least privilege and can surprise users by persisting potentially sensitive prompts, reasoning, or recommendations to local storage without explicit consent.

Tp4

Severity: High
Category: MCP Tool Poisoning
Confidence: 97%
Finding: The skill is presented as an analysis-only problem-solving tool, but it also performs side-effecting filesystem actions unrelated to the stated purpose. This mismatch can mislead operators and automated policy systems, causing the skill to be trusted or enabled in contexts where local persistence of sensitive analytical content should not occur.

Description-Behavior Mismatch

Severity: Medium
Confidence: 93%
Finding: An analysis-focused skill should not silently add output-persistence behavior unless that behavior is clearly declared and justified. Requiring export as part of normal execution increases the chance that confidential user inputs, internal reasoning, or sensitive recommendations are written to disk and retained longer than intended.

Missing User Warnings

Severity: Medium
Confidence: 98%
Finding: The markdown instructs automatic file export without warning the user that content will be written to local storage. Silent persistence is dangerous because analyses may contain proprietary data, security-sensitive details, or personal information that users expected to remain ephemeral within the session.

VirusTotal

64/64 vendors flagged this skill as clean.