Paper Deep Reading

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent research-paper analysis helper with local text-processing scripts, though its dependency pins and registry tags should be cleaned up.

Install this for paper-reading workflows only if you are comfortable giving the agent access to the specific paper/source folders you provide. Use a narrow input directory and local output path, verify any online sources the agent retrieves, and pin or audit markdown and pyyaml versions in controlled environments. The publisher should correct the unrelated crypto and purchase capability tags.

SkillSpector

By NVIDIA

Vulnerability Patterns

Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (2)

Known Vulnerable Dependency: markdown — 2 advisory(ies): CVE-2025-69534 (Python-Markdown has an Uncaught Exception); CVE-2025-69534 (Python-Markdown version 3.8 contain a vulnerability where malformed HTML-like se)

High

Category: Supply Chain
Confidence: 77% confidence
Finding: markdown

Known Vulnerable Dependency: pyyaml — 8 advisory(ies): CVE-2019-20477 (Deserialization of Untrusted Data in PyYAML); CVE-2020-1747 (Improper Input Validation in PyYAML); CVE-2020-14343 (Improper Input Validation in PyYAML) +5 more

Critical

Category: Supply Chain
Confidence: 96% confidence
Finding: pyyaml

VirusTotal

56/56 vendors flagged this skill as clean.

View on VirusTotal