Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 70% confidence
- Finding
- Without declared permissions the skill's intent is opaque and cannot be validated.
Research Summarizer
Security checks across malware telemetry and agentic risk
Overview
This research summarizer skill is purpose-aligned and mainly helps structure document summaries, comparisons, and citations, with only minor activation-scope caution.
Install if you want a document research and citation workflow. Be aware it may activate on broad summarization requests, and avoid giving it confidential documents unless you are comfortable with your agent processing that content.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
- MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)
Vague Triggers
Medium
- Confidence
- 95% confidence
- Finding
- The trigger list includes generic phrases like "Summarize this paper / article / report," "Compare these sources," and especially the catch-all "Any request involving: summarize, research brief, literature review, citation, source comparison." These patterns lack clear boundaries or exclusion conditions, so the skill could be invoked for common everyday requests that are not specifically meant for this structured research workflow.
VirusTotal
63/63 vendors flagged this skill as clean.