Security audit

AI Question Generator

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate quiz generator, but it needs Review because it runs a local script, writes an HTML file, and handles quiz data in ways that could become unsafe with untrusted input.

Install only if you are comfortable with a skill that runs a local Python script and writes an HTML quiz file. Prefer using the stdin input path instead of embedding JSON in a shell command, choose an explicit workspace output path, and avoid feeding untrusted study materials unless the renderer is fixed to safely encode data for inline JavaScript.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (6)

Lp3

Medium
Category
MCP Least Privilege
Confidence
84% confidence
Finding
The skill instructs writing an output HTML file but declares no permissions, creating a capability/consent mismatch. This is dangerous because file creation can occur without clear user awareness or platform-level gating, and HTML output may later be opened in a browser or reused in other contexts.

Tp4

High
Category
MCP Tool Poisoning
Confidence
90% confidence
Finding
The documented behavior claims AI-driven question generation, validation, and Bloom-level assignment, but the referenced implementation behavior only renders supplied JSON and adds UI/scoring features. This mismatch is dangerous because users and downstream agents may trust fabricated assurances about content generation and validation, causing unsafe automation decisions or hidden functionality to be invoked under false pretenses.

Context-Inappropriate Capability

Medium
Confidence
87% confidence
Finding
The skill directs the agent to invoke a local Python script through a shell command using embedded JSON data. Shell/script execution expands the attack surface beyond simple content formatting, and if user-controlled data is interpolated unsafely it can lead to command injection, unsafe file writes, or execution of unintended local code.

Vague Triggers

Medium
Confidence
80% confidence
Finding
The trigger phrases are very broad and overlap with common educational requests, increasing the chance of unintended automatic activation. Unintended invocation can cause surprising file creation, use of local scripts, or processing of sensitive study materials when the user only wanted a normal conversational response.

Vague Triggers

Medium
Confidence
78% confidence
Finding
The quick-generation path allows activation from vague user intent and silently fills in defaults. This is dangerous because it lowers the threshold for the skill to proceed into downstream actions, including HTML generation and file writing, without sufficient confirmation that the user intended those operations.

Missing User Warnings

Low
Confidence
76% confidence
Finding
The description does not clearly warn that the skill generates an HTML file via a local script, which weakens informed consent and transparency. While not inherently exploitable on its own, hidden output-side effects make accidental file creation and unsafe downstream opening of generated HTML more likely.

VirusTotal

VirusTotal findings are pending for this skill version.

Static analysis

No suspicious patterns detected.