A11y Audit

Security checks across malware telemetry and agentic risk

Overview

This accessibility audit skill is coherent and purpose-aligned, with no evidence of hidden data access, exfiltration, persistence, or destructive behavior.

Installers should treat the skill as safe for local accessibility auditing. Before using any agent-driven '--fix' workflow, review proposed diffs and use version control, because automated accessibility remediation can still change application code even when it is benign.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 90% confidence
Finding: The skill advertises a '--fix' mode that auto-applies changes to project files without any warning, confirmation, backup, or dry-run guidance. In an agent-driven environment, this can cause unintended bulk edits, overwrite user work, or introduce unsafe modifications when invoked implicitly or with incorrect scope.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal