Back to skill

Security audit

Adversarial Prompting

Security checks across malware telemetry and agentic risk

Overview

This skill performs adversarial analysis and openly saves the generated analysis as a local markdown file, with no evidence of exfiltration or hidden persistence.

Install only if you are comfortable with generated analyses being saved as markdown files in your home directory. Avoid using it with secrets, private business details, or personal data unless you plan to delete the exported file afterward or instruct the agent to skip exporting.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
95% confidence
Finding
The skill instructs automatic export of analysis to a markdown file, which implies file-write capability not declared in the manifest. Undeclared write behavior is dangerous because it creates persistence and side effects users may not expect, and it bypasses the principle of least privilege for what is presented as a reasoning-only skill.

Tp4

High
Category
MCP Tool Poisoning
Confidence
97% confidence
Finding
The skill is described as an adversarial analysis methodology, but its instructions add operational behavior that writes files and invokes an external script. This mismatch is dangerous because users and reviewers may trust the declared purpose while missing hidden side effects, increasing the risk of unauthorized persistence, data leakage into files, or execution of unintended tooling.

Description-Behavior Mismatch

Medium
Confidence
94% confidence
Finding
The manifest frames the skill as an analysis process, but the body adds automatic export behavior, expanding the skill's actions beyond its stated purpose. In context, this makes the skill more dangerous because users invoking analytical help would not reasonably expect file creation or persistence as a default side effect.

Context-Inappropriate Capability

Medium
Confidence
96% confidence
Finding
Automatically invoking an external script for export introduces execution behavior that is not necessary for the advertised analytical purpose. This is risky because external script execution can create files, expose sensitive analysis content, or become a pivot point for broader abuse if the script path or behavior is altered.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The skill directs automatic export of analysis results without warning the user that content will be persisted to disk. This is dangerous because analyses may contain sensitive user data, internal reasoning, or confidential project details, and silent persistence increases the chance of accidental disclosure or retention beyond user intent.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.