Back to skill

Security audit

DailyBit — AI Tech Daily Digest

Security checks across malware telemetry and agentic risk

Overview

This is a mostly coherent tech digest skill, but it can send inferred conversation context to DailyBit and can modify RSS subscriptions when a user token is provided.

Install only if you are comfortable with digest requests going to DailyBit. Use a revocable DailyBit token only when you want personalization, avoid sharing sensitive conversation context, and require explicit confirmation before any feed is added or removed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Findings (3)

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The manifest frames this as a read-only digest/recommendation skill, but the documented interface includes state-changing feed management operations. That mismatch expands the skill's effective authority beyond user expectations and increases the chance that an agent invokes destructive or privacy-affecting actions without clear consent.

Context-Inappropriate Capability

Medium
Confidence
94% confidence
Finding
Adding and deleting RSS subscriptions is not necessary to fulfill the stated purpose of delivering a curated daily digest. Unnecessary write-capable endpoints violate least privilege and create avoidable risk of unauthorized preference changes, account manipulation, or accidental data loss if the agent misfires or is socially engineered.

Vague Triggers

Medium
Confidence
83% confidence
Finding
The trigger list contains broad, everyday phrases that could activate the skill in contexts where the user did not intend to use it. Over-broad activation increases the chance of unintended external calls, unnecessary data disclosure to the service, and confusion about why the skill ran.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

Detected: suspicious.prompt_injection_instructions

Prompt-injection style instruction pattern detected.

Warn
Code
suspicious.prompt_injection_instructions
Location
SKILL.md:62