Security audit

doc-export

Security checks across malware telemetry and agentic risk

Overview

This skill is a document exporter, but it can publish conversation-derived content to a hard-coded public website without a clear final approval step or retention limit.

Install only if you control the listed server path and domain and are comfortable with generated documents becoming publicly reachable. Before using it, require the agent to show the document, filename, and URL before publishing, remove secrets or private details from the content, and request deletion of both the public copy and the archived local copy when no longer needed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Missing User Warnings

Medium
Confidence: 97%
Finding
The skill instructs the agent to publish conversation-derived documents to a publicly reachable web server and to retain a copy in an archive directory, but it does not require explicit user consent or warn that the content may be publicly accessible and persist after download. This creates a real risk of unintentionally exposing sensitive prompts, credentials, internal architecture details, or personal data derived from the conversation.

Vague Triggers

Medium
Confidence: 84%
Finding
The trigger phrase set includes broad language such as '导出文档' (Chinese for "export document"), which can match ordinary conversational requests without the user understanding that the action includes publication to a public website. Because activation can lead directly to external exposure of generated content, an overly broad trigger materially increases the chance of accidental invocation and unintended disclosure.

Ssd 3

High
Confidence: 99%
Finding
The workflow explicitly tells the agent to copy conversation-derived documents into an nginx web root and return a public HTTPS link. In this skill context, the document contents are synthesized from prior conversation history, so secrets, personal data, business-sensitive details, or security instructions may be published verbatim or in summarized form to anyone who obtains the URL, and cleanup is manual and delayed.

VirusTotal

64/64 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.