Security audit

Paper Deep Reading Teaching Explainer

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed paper-reading, teaching, storyboard, and local PDF-bundling workflow, with no evidence of hidden execution, credential use, persistence, or exfiltration.

Install only if you are comfortable using it on papers and derived teaching materials. Review any generated zip before uploading it to project sources, avoid using broad personal directories as a workspace root, and use external image APIs only for content you are allowed to send to that provider.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Description-Behavior Mismatch

Medium (89% confidence)
Finding
The manifest frames the skill as a deep-reading/reporting tool, but the body expands it into active image generation and PDF export. This scope drift matters because users and platform controls may trust the skill for analysis-only behavior while it also performs content generation and file-creation actions with different safety and governance requirements.

Context-Inappropriate Capability

Medium (83% confidence)
Finding
The skill authorizes use of external image-generation APIs as part of a paper-reading workflow without a tightly bounded need-to-use rule. That can expose uploaded paper content, report content, or derived proprietary material to third-party services and expands the attack surface beyond the core analysis task.

Description-Behavior Mismatch

Medium (95% confidence)
Finding
The template declares "skill_name": "paper-deep-reading-workbench" while the manifested skill is "paper-deep-reading-teaching-explainer", creating an identity mismatch in routing metadata. This can cause orchestration logic, audit trails, or downstream handoff checks to associate status files with the wrong skill, leading to incorrect routing, skipped validation, or cross-skill artifact confusion.

Missing User Warnings

Medium (95% confidence)
Finding
The template instructs the agent to package and upload multiple generated directories to the current project `sources` without requiring confirmation of destination, authorization, or a check that the files are appropriate to transfer. In a skill that handles research papers, derived teaching materials, and intermediate artifacts, this can cause unintended data exfiltration, oversharing of sensitive intermediate content, or cross-scope transfer into a project repository the user did not explicitly approve.

VirusTotal

63/63 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.