Markdown Sync Pro

Security checks across malware telemetry and agentic risk

Overview

This is a Markdown publishing helper whose external posting behavior is visible and matches its stated purpose, though users should review content before publishing.

Install if you intend to publish selected Markdown files to the configured platforms. Use dry-run first, check documents and embedded images for secrets or private data, and use least-privilege platform tokens. Review any external GitHub repo or executable before running the README's direct-use path.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The skill explicitly supports publishing Markdown to external platforms and auto-uploading images, but it does not warn users that local content may be transmitted to third-party services. This creates a real risk of accidental disclosure of sensitive text, metadata, or embedded media when users publish internal documents or run the tool without understanding the external data flow.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal