Markdown Docs Full-Text Search

Security checks across malware telemetry and agentic risk

Overview

This is a local Markdown documentation search skill whose main risk is that it stores and displays the documents the user chooses to index.

Install only if you are comfortable creating a local searchable index of the Markdown files you choose. Avoid indexing secrets, private notes, or mixed-sensitivity directories, and use a dedicated database path rather than pointing --db at an unrelated SQLite file.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 86% confidence
Finding: The tool prints matched snippets and can optionally emit full article contents, which can expose sensitive documentation text to users, logs, terminals, or downstream systems without any warning or guardrails. In a documentation-search skill, this risk is elevated because users may point it at proprietary or internal Markdown archives and unintentionally exfiltrate large amounts of content.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal