Legal Site Generator
Security checks across malware telemetry and agentic risk
Overview
The skill only writes a local static HTML file, but it does not generate the legal/compliance site it advertises and embeds user input into deployable HTML without escaping.
Review before installing or using. The skill appears locally scoped and not malicious, but do not deploy its output as a legal compliance website without fixing the placeholder generation, adding the promised pages, escaping user input, and checking whether ./dist/index.html can be safely overwritten.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
63/63 vendors flagged this skill as clean.