Security audit

Nm Sanctum Doc Updates

Security checks across malware telemetry and agentic risk

Overview

This documentation-maintenance skill is coherent and mostly controlled, though users should review any proposed file deletions or git staging before accepting them.

Install only if you want an agent to help audit and update repository documentation. Treat consolidation suggestions carefully: review each proposed delete, merge, or `git add -u` action before approving, and use the skip or dry-run options when you only want recommendations.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (5)

Intent-Code Divergence

Medium
Confidence: 95%
Finding
This is a genuine reliability/security control issue: the documentation promises a non-zero exit code when discrepancies are found, but the shown script only prints differences and never tracks failures or exits 1. In CI or automation, this can cause drift checks to silently pass, undermining quality gates and allowing stale or misleading capability documentation to persist.

Description-Behavior Mismatch

Medium
Confidence: 93%
Finding
This module authorizes repository cleanup actions such as deleting files and updating git staging as part of a documentation workflow. Even with user approval language, the skill materially expands from editing docs into destructive file-system and VCS operations, creating risk of accidental or overbroad deletions if heuristics misclassify files as redundant or stale.

Context-Inappropriate Capability

Medium
Confidence: 95%
Finding
The skill contains direct capability to execute `rm <file>` and `git add -u`, which can permanently remove repository content and silently prepare those changes for commit. In a doc-update context, this is more dangerous because the stated purpose suggests low-risk maintenance, while the implementation enables destructive state changes based on heuristic detection of redundancy or staleness.

Vague Triggers

Medium
Confidence: 93%
Finding
The trigger list is unusually broad for a documentation-specific skill, including generic terms like 'writing', 'documentation', and 'debloat'. This can cause the skill to activate in unrelated contexts, increasing the chance that it runs shell commands, scans repository-wide files, or influences workflows when the user did not intend to invoke it.

Context Leakage

High
Category: Data Exfiltration
Content
9. `doc-updates:accuracy-verified`
10. `doc-updates:preview`

## Step 1: Collect Context (`context-collected`)

- Validate `Skill(sanctum:git-workspace-review)` has been run.
- Use its notes to understand the delta.
Confidence: 81%
Finding
Collect Context

VirusTotal

63/63 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.