Legal Doc Summarizer

Security checks across malware telemetry and agentic risk

Overview

This is a text-only legal document summarizer with no code execution or credential use, though its trigger phrases and metadata are broader than ideal.

Install only if you want general legal-document review assistance. Avoid relying on it as legal advice, verify jurisdiction-specific statements with a lawyer, and be aware that broad trigger phrases may make it activate on non-legal requests unless you provide clear document context.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 93% confidence
Finding: The trigger list includes very broad phrases such as "redline" and especially "what does this mean," which can match many ordinary user requests outside the intended legal-document-review context. That can cause the skill to activate on unrelated content, increasing the chance of inappropriate handling of non-legal inputs, privacy over-collection, or misleading legal-style output where it does not belong.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal