Assignment Check

Security checks across malware telemetry and agentic risk

Overview

This skill appears to read local assignment PDFs from a hard-coded personal folder without clear user-controlled scoping.

Install only if you are comfortable with the agent reading the referenced local assignment folder. Prefer editing or wrapping the skill so it asks for a user-selected file or folder each time and avoids scanning unrelated course documents.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill instructs the agent to access a specific personal directory on the local machine and read assignment PDFs without any explicit consent flow, scope limitation, or privacy notice. This creates a real privacy and data-minimization issue because the agent is directed to inspect user files broadly across course folders, potentially exposing sensitive academic or personal information beyond what the user intended.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal