Security audit

eCTD XML Compiler

Security checks across malware telemetry and agentic risk

Overview

This skill appears to be a local eCTD document-to-XML helper, but it overstates regulatory compliance and validation for a sensitive drug-submission workflow.

Install only for isolated, local drafting experiments. Do not rely on this skill for real regulatory submissions without expert review and independent eCTD validation, and avoid processing confidential drug-submission files in shared or uncontrolled workspaces.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (4)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 86%
Finding: The skill documentation exposes file-write capability and instructs users to run a local script that writes generated XML and checksum artifacts, yet it declares no permissions model. In an agent setting, undeclared write behavior weakens reviewability and may cause sensitive regulatory content to be persisted to disk without explicit user awareness or policy gating.

Tp4

Severity: High
Category: MCP Tool Poisoning
Confidence: 93%
Finding: The documented behavior materially overstates what the tool does: it claims standards-compliant conversion and validation, but the analysis indicates only basic checks, local-path processing, extra checksum generation, and a runtime bug that can break the advertised workflow. This is dangerous because users handling regulated drug-submission materials may rely on incorrect compliance claims, producing invalid submission artifacts or mishandling sensitive files under false assumptions.

Vague Triggers

Severity: Medium
Confidence: 74%
Finding: The 'When to Use' section broadens the skill into generic academic-writing and fallback workflows unrelated to eCTD conversion, which increases the chance of inappropriate invocation and misuse. In an agent environment, ambiguous scope can route sensitive or out-of-domain tasks to a script with file access, causing unintended processing or data persistence.

Missing User Warnings

Severity: Medium
Confidence: 89%
Finding: The skill handles drug application documents, which commonly contain confidential regulatory, clinical, and manufacturing information, yet the description does not warn that source content and generated XML/checksum artifacts will be written to disk. This omission can lead users to expose sensitive submission data unintentionally, especially in shared workspaces or less-isolated execution environments.

VirusTotal

56/56 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.