Security audit

prompt-nubaby

Security checks across malware telemetry and agentic risk

Overview

This is a prompt-augmentation skill with a disclosed local recipe-saving feature, but users should only save trusted prompts because saved entries can affect future outputs.

Install this if you want a local prompt-template and visual-prompt library. Avoid using the learning feature for confidential, proprietary, or untrusted prompts unless you are comfortable with them being saved in the skill's knowledge JSON and influencing future outputs; periodically review or remove saved recipes.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
Findings (9)

Lp3

Medium
Category
MCP Least Privilege
Confidence
92% confidence
Finding
The skill advertises prompt augmentation but also includes file read/write capability through its documented behavior of storing data in a local knowledge file. Undeclared persistence expands the skill's effective privileges and can lead to unauthorized retention or modification of user-supplied content without proper governance.

Tp4

High
Category
MCP Tool Poisoning
Confidence
96% confidence
Finding
The documented purpose is prompt augmentation, but the skill also claims it will persistently save user-provided recipes into a local JSON knowledge base. This mismatch is dangerous because operators and users may invoke the skill expecting stateless text transformation while it actually performs durable storage, creating privacy, compliance, and trust-boundary issues.

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The skill explicitly states that user-provided prompt text can be permanently stored in a local knowledge file, despite being presented as a prompt-enhancement tool. Persisting arbitrary user input increases the risk of collecting sensitive or proprietary content and creates a latent data exfiltration or misuse surface if the file is later accessed by other components.

Context-Inappropriate Capability

Medium
Confidence
87% confidence
Finding
The recaption dictionary includes an explicit human labeling taxonomy with exposure states ranging up to partial and full nudity, plus content-rating fields such as artistic nude, editorial nude, and NSFW. In a skill advertised as prompt augmentation and visual prompt shaping, this broadens the capability surface into sexualized human-content generation and structured adult-content labeling beyond the stated purpose, which can enable misuse and policy bypass through reusable system prompts.

Description-Behavior Mismatch

Medium
Confidence
89% confidence
Finding
The skill is presented as prompt augmentation/shaping, but this code persistently modifies a knowledge-base JSON file by storing new system-role content. That creates hidden state and long-term prompt influence outside the advertised behavior, which can enable prompt poisoning or unauthorized persistence of attacker-controlled instructions if this function is exposed through the skill.

Vague Triggers

Medium
Confidence
73% confidence
Finding
The skill says it should automatically activate whenever prompts are 'too short' or 'too vague,' which is broad and overlaps with many normal editing requests. In context, this becomes more concerning because the same skill also claims persistent storage behavior, so overly broad activation could cause unintended processing or retention of user content.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The documentation says user-provided prompt content may be stored permanently, but it does not present an explicit warning or consent mechanism at the point of collection. This is dangerous because users may disclose confidential creative, commercial, or personal material under the assumption of transient processing only.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The code writes directly to a persistent knowledge base without any user-facing warning, approval step, or transactional safeguard. In an agent skill context, silent persistence is dangerous because a user or upstream prompt flow may trigger durable modifications that outlast the session, enabling stealthy knowledge poisoning or unintended configuration drift.

Ssd 3

Medium
Confidence
96% confidence
Finding
An instruction to permanently retain user-provided prompt content in a knowledge file creates a durable data store of arbitrary inputs. In this skill's context, prompts may contain proprietary creative direction, personal data, or sensitive business information, so indefinite retention without controls increases privacy and downstream leakage risk.

VirusTotal

51/51 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.