Peer Review Response Drafter

Security checks across malware telemetry and agentic risk

Overview

The skill has a legitimate drafting purpose, but its file access is broader than its own safety claims and can write files outside the workspace.

Install only if you are comfortable checking every input and output path before running it. Keep confidential reviewer comments and unpublished manuscript details out of shared or version-controlled folders, and avoid absolute paths or ../ traversal until the publisher adds real workspace-only output and path validation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Low
Confidence: 84%
Finding
This skill is designed to process reviewer comments, manuscript text, journal metadata, and revision notes, which can contain unpublished research and confidential peer-review material. Describing file input/output without an explicit warning, minimization guidance, or confidentiality handling increases the risk that users will store or expose sensitive academic data in insecure locations or logs.

VirusTotal

65/65 vendors flagged this skill as clean.
