Back to skill

Security audit

Deposition Question Development

Security checks across malware telemetry and agentic risk

Overview

This skill is a local legal-PDF helper that extracts Relativity page text and IDs for deposition-question drafting, with no evidence of hidden network access, credential use, or destructive behavior.

Install only if you are comfortable letting the agent process the selected legal PDFs. Use specific PDF files or a narrow case-production folder, keep the generated JSON in an appropriate secure case workspace, delete or archive it according to confidentiality rules, and verify all document IDs, quotes, and legal analysis before relying on the output.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • System Prompt LeakageDirect Leakage, Indirect Extraction, Tool-Based Exfiltration
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
70% confidence
Finding
Without declared permissions the skill's intent is opaque and cannot be validated.

Tp4

High
Category
MCP Tool Poisoning
Confidence
98% confidence
Finding
This is a mismatch because the declared purpose describes a much broader legal-analysis workflow than the code actually performs. The implemented code does cover the PDF-processing and bottom-right ID extraction portion, including the smaller-number selection rule, but it does not accept or use any legal theory, does not assess document relevance, does not group materials into deposition question sets, and does not generate rationales or supporting quotes. There is no evident hidden behavior beyond PDF parsing and JSON export; the mismatch is that the primary purpose in the description materially overstates the skill's actual functionality.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
This code writes full page_text, bottom_right_text, file paths, and extracted IDs to disk. Although the script's purpose is extraction, there is no explicit warning in the code comments, docstring, or CLI help that it persists potentially sensitive document contents to an output JSON file.

Direct Prompt Extraction

High
Category
System Prompt Leakage
Content
- Follow `references/deposition_output_template.md`.
   - Keep document IDs in ascending numeric order.

## Output Rules

- Do not merge different document IDs into one section.
- Do not omit `Reason` or `Quote` sections under any question.
Confidence
85% confidence
Finding
Output Rules

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.