Back to skill

Security audit

Detector of prompt injection

Security checks across malware telemetry and agentic risk

Overview

This skill is a user-run prompt-inspection client that sends chosen text to a documented API, with a privacy caution but no hidden or destructive behavior found.

Install only if you are comfortable sending inspected text to Prompt Inspector or to a self-hosted endpoint you configure. Avoid submitting secrets, regulated data, customer records, or proprietary system prompts unless your organization has approved that data flow, and prefer environment-based API keys over passing real keys inline on the command line.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
93% confidence
Finding
The skill declares no permissions while its documented behavior clearly requires reading environment variables, reading local files for batch input, and sending data over the network to a third-party API. This mismatch can mislead users and security controls about the skill's capabilities, increasing the chance that sensitive data is processed or exfiltrated without informed approval.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill is marketed as inspecting user text for prompt injection, but the description does not clearly warn that the inspected text is sent to an external API service. Because the tool is likely to be used on potentially sensitive prompts, system instructions, or user content, this omission can cause unintended disclosure of confidential data to a third party.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The FAQ explicitly instructs users to POST raw `input_text` to a third-party hosted API, but it does not warn about privacy, data handling, or whether sensitive prompts should be redacted before transmission. In a prompt-screening skill, users may send untrusted but also confidential application data, so omission of a data-transmission warning can lead to unintended disclosure of sensitive content.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The script sends user-supplied text to a remote service over the network, but the CLI does not clearly warn operators that potentially sensitive input will leave the local environment. In a prompt-screening tool, users may paste confidential prompts, customer data, or internal instructions, so the absence of an explicit privacy notice can create unintended data disclosure risk even if transmission is expected by design.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.