Document Multiple Repository

Security checks across malware telemetry and agentic risk

Overview

This is a documentation helper that reads user-selected local repositories and writes generated docs, with no evidence of hidden execution or data exfiltration.

Install only if you are comfortable letting the agent read the repository tree you choose. Point ROOT_PATH at approved projects only, write to a controlled OUTPUT_PATH, and review generated documentation for credentials, private configs, internal infrastructure, and wiki/business content before committing or sharing it.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 87% confidence
Finding: The skill instructs the agent to recursively scan a broad local root path and generate many output files, but it does not require explicit user confirmation, scope limitation, or a warning that local repositories and wiki content will be read and summarized. In an agent context, this can cause unintended access to sensitive source code, internal documentation, credentials embedded in repos, or business-process data, and can also create files in user-specified locations without clear consent boundaries.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal