Litigation Hold Notice Drafter

Security checks across malware telemetry and agentic risk

Overview

This is a draft-only legal hold packet helper with no executable code, installer, persistence, or automatic distribution behavior.

Installers should treat this as a legal drafting aid only. Do not paste unnecessary real client, employee, claim, or account identifiers, and have licensed counsel review any preservation packet or release-related draft before use.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Description-Behavior Mismatch

Medium

Confidence: 93% confidence
Finding: The manifest says the skill produces a draft preservation packet consisting of a custodian notice, ESI inventory, acknowledgment form, and release-criteria checklist for counsel review. Line L216 offers an additional deliverable: drafting the hold-release notice for when the matter closes, which goes beyond the described packet and into a later lifecycle action the manifest does not claim.

Intent-Code Divergence

Medium

Confidence: 95% confidence
Finding: At L016, the documentation states 'you do not lift a hold,' and later rules reinforce that the skill should not lift, narrow, or release a hold. However, L216 explicitly offers to draft the hold-release notice, which conflicts with the earlier stated intent to stay out of hold release activity.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal