digital-solution-designer

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed digital-solution planning assistant with a local diagram-generation helper, and I found no hidden data access, persistence, exfiltration, or destructive behavior.

Before installing, be aware that the skill may guide the agent to ask for business, budget, system, and project context, and may suggest web research for missing industry background. For confidential client work, require approval before browsing, avoid putting sensitive client details into searches, and approve Graphviz/package installation only when you need diagram generation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (3)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 77%
Finding:
The skill instructs the agent to read multiple local reference files and a script, but the metadata declares no permissions. This creates a hidden capability boundary where reviewers and users cannot accurately understand what the skill may access, increasing the risk of unintended file exposure or over-broad execution in environments that trust the manifest.

Tp4

Severity: High
Category: MCP Tool Poisoning
Confidence: 91%
Finding:
The skill claims broad end-to-end solution design capabilities, but the concrete executable behavior appears limited to reading local materials and rendering architecture diagrams from templates or DOT input. This mismatch is security-relevant because it hides the true operational surface, including file reads and content-driven diagram generation, making risk review, user consent, and policy enforcement unreliable.

Vague Triggers

Severity: Medium
Confidence: 80%
Finding:
Broad trigger phrases such as generic requests for designing systems, platforms, architectures, or plans can cause the skill to activate in unintended contexts. This increases the chance of prompt hijacking, skill misuse, or accidental routing of unrelated user requests into a powerful workflow that may solicit excessive information or produce misleading outputs.

VirusTotal

65/65 vendors flagged this skill as clean.
