Ai Prompt Library

Security checks across malware telemetry and agentic risk

Overview

This is a low-impact local prompt-helper with overstated claims and local history logging, but no evidence of credential theft, network exfiltration, destructive actions, or hidden privilege use.

Install only if you are comfortable with a small local CLI helper rather than a complete system-prompt/model library. Do not pass secrets, proprietary prompt text, customer data, or sensitive project names as command arguments unless the local history behavior is removed or disabled, and treat the evaluate command as buggy until fixed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (6)

Description-Behavior Mismatch

Severity: Medium (92% confidence)
Finding:
The script logs command usage and user-supplied arguments to a persistent history file even though the skill is presented as a prompt/model library utility. Because prompt arguments can contain sensitive prompts, model instructions, proprietary text, or personal data, this creates undisclosed local data retention and possible privacy leakage.

Context-Inappropriate Capability

Severity: Medium (94% confidence)
Finding:
The script creates a persistent data directory and writes history logs despite the stated purpose being a simple prompt assistant. That extra persistence capability is not necessary for core functionality and increases the risk of silent collection of potentially sensitive user activity.

Intent-Code Divergence

Severity: High (98% confidence)
Finding:
The help text claims an 'evaluate' command exists, but the dispatcher calls `cmd_"$@"` instead of the defined `cmd_evaluate`. This allows user-controlled function-name construction, so unexpected shell words can trigger command execution behavior rather than the intended fixed evaluator path, making the skill significantly more dangerous than its documented interface suggests.

Vague Triggers

Severity: Medium (89% confidence)
Finding:
Very generic command names like 'help', 'run', 'info', and 'status' can collide with ordinary user language and other skills' triggers, causing accidental invocation. In an agent setting, that increases the chance that the wrong skill executes unexpectedly, which is especially risky when the skill's purpose is already ambiguous.

Missing User Warnings

Severity: Medium (93% confidence)
Finding:
User-provided command arguments are written to a history log without disclosure. In this skill context, arguments are likely to be prompts or system instructions, which are often sensitive and may contain secrets, personal data, or internal workflows.

Missing User Warnings

Severity: Low (89% confidence)
Finding:
The script silently creates a persistent local data directory and log files with no user-facing warning. While local persistence alone is not remote compromise, it creates an undisclosed privacy and transparency problem that is especially concerning for a tool handling prompt content.

VirusTotal

66 of 66 vendors rated this skill as clean.
