Back to skill

Security audit

News Aggregator Skill

Security checks across malware telemetry and agentic risk

Overview

This is a coherent news aggregation skill that fetches public news sources and saves local reports, with some operational cautions but no artifact-backed malicious behavior.

Install this only if you are comfortable with a Python skill making live requests to multiple public news sites, optionally following article links in deep mode, and saving generated reports locally. Prefer narrower source selections when possible, treat fetched article text as untrusted web content, and pin dependencies in a controlled environment for better reproducibility.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Findings (7)

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill clearly directs use of a network-fetching script against multiple external news sources, but the metadata shown does not declare corresponding permissions. Undeclared network capability weakens user and platform transparency, making it harder to reason about data access, outbound requests, and trust boundaries.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill instructs the agent to always save full reports to the local reports/ directory without notifying the user or asking for consent. Silent file creation introduces persistence and possible data-retention issues, especially because fetched content and generated summaries may contain sensitive queries, derived insights, or environment-specific information.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The template includes a 'global scan' prompt that tells the agent to scan all sources without any topic, time, quantity, or output-bound constraints. Overly broad prompts can drive excessive data collection, unpredictable tool usage, and higher exposure to prompt-injection or unsafe content from multiple external sources at once.

Natural-Language Policy Violations

Medium
Confidence
83% confidence
Finding
The file opens by requiring the user to respond in Chinese, which imposes a language constraint without user opt-in. While not a direct code-execution issue, this can mis-handle user intent, reduce transparency, and make downstream review or safety monitoring harder when the user's preferred language differs.

Unpinned Dependencies

Low
Category
Supply Chain
Content
requests
beautifulsoup4
Confidence
98% confidence
Finding
requests

Unpinned Dependencies

Low
Category
Supply Chain
Content
requests
beautifulsoup4
Confidence
96% confidence
Finding
beautifulsoup4

Known Vulnerable Dependency: requests — 10 advisory(ies): CVE-2014-1830 (Exposure of Sensitive Information to an Unauthorized Actor in Requests); CVE-2024-47081 (Requests vulnerable to .netrc credentials leak via malicious URLs); CVE-2024-35195 (Requests `Session` object does not verify requests after making first request wi) +7 more

High
Category
Supply Chain
Confidence
97% confidence
Finding
requests

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.