Immigration Petition Cover Letter

Security checks across malware telemetry and agentic risk

Overview

This is a markdown-only drafting aid for immigration cover letters with clear attorney-review limits and no hidden execution or data-exfiltration behavior.

Install only if you want an attorney-supervised immigration drafting workflow. Users should avoid unnecessary personal identifiers, verify current USCIS fees, form editions, and filing addresses from official sources, and treat all outputs as drafts requiring licensed attorney or accredited representative review before filing.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Description-Behavior Mismatch

Medium

Confidence: 90% confidence
Finding: The changelog states the skill supports materially broader filing types and outputs than the current manifest description, creating a scope mismatch between what the agent may advertise and what maintainers or downstream controls expect. In a legal-filing skill, this can cause the system to be invoked for unsupported immigration forms or workflows, increasing the chance of inaccurate legal drafting, missing safeguards, or use outside intended attorney-reviewed boundaries.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal