Back to skill

Security audit

Prd

Security checks across malware telemetry and agentic risk

Overview

This PRD skill is mostly documentation, but it needs review because it recommends unattended coding-agent execution with permission bypass and repository commits.

Install only if you want PRD templates that may be used to drive coding agents. Avoid running the documented unattended permission-bypass loop in a real repository unless you intentionally accept automated file changes and commits; prefer human review, an isolated worktree, and explicit approval before commits.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Intent-Code Divergence

Medium
Confidence
95% confidence
Finding
The document explicitly states the skill only edits PRDs, but the included usage patterns instruct an agent to implement code, run checks, manage branches, and create commits. This capability mismatch can mislead users or higher-level policy controls about the skill’s actual operational scope, increasing the chance that autonomous code modification is enabled without appropriate review or safeguards.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The unattended loop invokes Claude with --dangerously-skip-permissions, allowing repeated autonomous execution without permission prompts or nearby safety warnings. In this context, the agent is instructed to read task files, implement changes, run checks, and update project state, so permission bypass materially raises the risk of unintended code changes, destructive commands, or unsafe repository operations occurring without human review.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The agent prompt template explicitly instructs the agent to create or checkout a branch, implement changes, commit them, and update repository files, but it does not include any requirement to obtain explicit user confirmation before modifying the repository state. In an agent skill, this can lead to unintended writes and commits being performed automatically, which is risky because repository mutation is a high-impact action and users may not expect autonomous persistence of changes.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.