Back to skill

Security audit

Academic Paper Reviewer

Security checks across malware telemetry and agentic risk

Overview

The skill is mostly a coherent academic review workflow, but it can send manuscript material to external model APIs and has broad activation language that users should review before installing.

Install only if you are comfortable with multi-agent processing of manuscript drafts. Do not enable ARS_CROSS_MODEL or add external API keys for confidential, unpublished, proprietary, or IRB-sensitive material unless you intentionally want that content sent to the chosen provider. Prefer explicit invocation and review the trigger behavior before using it in sessions with sensitive documents.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Medium
Confidence
89% confidence
Finding
The trigger list is broad and includes common phrases such as 'review paper' and 'peer review', which can cause the skill to activate during ordinary academic-help interactions where the user did not intend to invoke a multi-agent workflow. Because this skill delegates manuscript content to multiple subagents, unintended invocation increases privacy and data-handling risk beyond a normal single-agent response.

Vague Triggers

Low
Confidence
81% confidence
Finding
The Quick Start phrase 'Review this paper for journal submission' is a natural-language request that overlaps with common user prompts, so it may unintentionally activate the skill without signaling that a 7-agent delegated process will be used. In this context, accidental activation is mainly a consent and privacy issue, since manuscript text may be processed by multiple subagents.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The protocol explicitly instructs the agent to send reference text and citation context to third-party model APIs, which is an external data transfer. Even if the feature is optional, the document provides no explicit privacy notice, consent gate, or data classification guidance before transmitting potentially unpublished manuscript content to external providers.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
This section directs the Devil's Advocate agent to send reviewed material to another model for independent critique, which may include full paper content, reviewer notes, or sensitive draft material. Without a clear disclosure and consent mechanism, users may unknowingly expose confidential research or proprietary content to external services.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal

Static analysis

Detected: suspicious.prompt_injection_instructions

Prompt-injection style instruction pattern detected.

Warn
Code
suspicious.prompt_injection_instructions
Location
references/sprint_contract_protocol.md:22