Back to skill

Security audit

Skill Autogenesis

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only skill for turning repeated workflows into reusable skills, with disclosed persistence behavior and multiple gates against saving the wrong material.

Install this only if you want an agent to actively maintain procedural memory. Keep skill-management permissions scoped, review generated or patched skills for accidental secrets or overfitting, and require human approval in your runtime if you do not want autonomous create or patch behavior.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Findings (4)

Description-Behavior Mismatch

Medium
Confidence
89% confidence
Finding
The fallback reference exposes broad state-changing capabilities such as create, edit, patch, delete, write, and remove operations, which exceed this skill's stated role of reviewing work and deciding whether to create or update procedural memory. In an agentic environment, documenting or surfacing these actions can enable unintended destructive changes to persistent skills or supporting files if the agent over-trusts the fallback behavior or the skill is invoked outside its intended scope.

Description-Behavior Mismatch

Medium
Confidence
86% confidence
Finding
The schema description advertises update, delete, and arbitrary file-management behavior that is broader than the manifest's autogenesis review-and-decision purpose. This mismatch increases the risk that an agent or integrator will treat the skill as authorized to perform persistent modifications, leading to unauthorized changes to skills or supporting files.

Vague Triggers

Medium
Confidence
82% confidence
Finding
The skill recommends loading itself early and evaluating 'every substantial task' as a candidate for procedural learning, which creates a broad trigger surface for an agent operating with file and memory tools. In practice, this can cause over-activation and unintended persistence of workflows, increasing the chance of unauthorized skill creation or modification from ordinary tasks without sufficiently explicit user consent at invocation time.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
This section authorizes autonomous creation and updating of skill files, README files, references, templates, scripts, and assets, but it does not require a prominent user-facing warning or confirmation before modifying persistent files. In a tool-using agent environment, that can lead to silent filesystem changes, procedural drift, or persistence of unsafe logic, especially because the skill is explicitly designed for self-improving behavior across sessions and agents.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.