Back to skill

Security audit

Japanese Tutor

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Japanese tutoring skill, with disclosed PDF-to-Gemini parsing and local study-note saving that users should understand before use.

Install only if you are comfortable with PDFs being processed by Google Gemini when you use PDF parsing. Avoid submitting confidential documents, and review the saved reference markdown files if you do not want study material retained for later sessions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
88% confidence
Finding
The quick-action phrases are very broad and can trigger file parsing or tutoring workflows from short colloquial prompts without clear confirmation or scope limits. This increases the chance of unintended activation, especially for attachment processing, which could cause the agent to ingest or act on files the user did not explicitly mean to submit to this skill.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill instructs the agent to append extracted content into local reference files and create or update lesson files, but it does not warn the user or request consent before modifying persistent local data. This can lead to silent workspace changes, data contamination, prompt-injection persistence through poisoned study materials, and unintended retention of sensitive content from uploaded documents.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The script uploads user-supplied PDF content to Google's Gemini API, which sends the document to a third-party service. There is no consent flow, warning, or data-classification check in the code, so users may unknowingly expose homework, personal data, or other sensitive document contents outside the local environment.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.