Mindmap Generator Pro

Security checks across malware telemetry and agentic risk

Overview

This skill is a simple mindmap helper with no executable code, though its local tool permissions and activation wording are broader than necessary.

Install only if you are comfortable with a mindmap helper that can use local file and shell tools when invoked. Keep its work limited to files you choose, review any proposed shell commands before running them, and verify the author/OpenAI requirement mismatch if provenance or paid-skill setup matters to you.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 92% confidence
Finding: The skill declares very broad auto-activation conditions such as triggering when users mention the feature name or ask about related best practices in a wide category. This can cause the skill to activate in loosely related conversations, expanding the circumstances under which its allowed tools become available and increasing the chance of unintended execution or prompt-scope confusion.

Vague Triggers

Low

Confidence: 83% confidence
Finding: The example trigger phrase is short and conversational, making it likely to overlap with normal user speech. In an auto-activating skill, such overlap increases accidental invocation risk, which can unnecessarily expose the session to the skill's behavior and tool permissions.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal