Security audit

tech-blog-wrtting

Security checks across malware telemetry and agentic risk

Overview

This skill is a simple technical blog writing helper, with the main caveat that it tells the agent to save the finished Markdown file into the current project.

Install if you want an agent to draft technical blog posts in Markdown. When using it, specify the exact filename or ask for the content inline if you do not want a file created, and review before allowing overwrites.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence: 92%
Finding
The skill explicitly instructs the agent to save a generated .md file into the current project, which creates a write side effect on the user's workspace without an explicit confirmation or safety boundary. In an agent setting, this can lead to unintended file creation, overwriting similarly named files, or repository pollution, especially if the topic-derived filename is unsafe or ambiguous.

VirusTotal

66/66 vendors flagged this skill as clean.
