Back to skill

Security audit

Wiki Knowledge Base

Security checks across malware telemetry and agentic risk

Overview

The skill appears intended to build or maintain wiki content, but it reportedly performs broad automatic repository writes and commits that could capture unrelated local changes.

Review before installing. Use this only in a dedicated repository or after checking `git status`, and do not allow automatic commits unless you have seen the exact file list and commit message. Prefer a version that limits writes to approved wiki/output paths and asks before staging or committing changes.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Context-Inappropriate Capability

Medium
Confidence
93% confidence
Finding
The skill instructs unconditional `git add -A && git commit` after every operation, which changes repository state beyond the core task of maintaining wiki content. In an agent setting, this can capture unrelated local changes, create unwanted history, and persist accidental or sensitive modifications without explicit user approval.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The trigger phrases are broad enough to activate on ordinary requests about research organization or knowledge bases, increasing the chance the skill runs in contexts the user did not intend. Overbroad activation is risky because this skill performs file reads/writes and may modify a local repository, so mistaken invocation can lead to unanticipated side effects.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The ingest workflow directs the agent to create and update multiple files in the local project as a routine step, but it does not require warning or obtaining consent before modifying the repository. In practice, this can surprise users, overwrite local work, or cause unintended changes when the skill is auto-invoked or used in the wrong directory.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
Recommending automatic commits without informing the user that repository history will be altered is dangerous because commits are durable, auditable state changes that may include unrelated or sensitive files. Combined with `git add -A`, this can stage far more than the wiki edits and create irreversible workflow disruption unless the user notices in time.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.