Security audit

AI Weekly Report

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward AI news report generator that fetches listed public sources and may save a local Markdown report.

Before installing, expect the skill to browse the listed AI news websites for the date range you provide and optionally create an AI weekly report Markdown file in the current directory. Check for an existing file with the same date-based name if you want to avoid overwriting.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Low

Confidence: 92% confidence
Finding: The skill directs the agent to save a Markdown file in the current directory without explicitly warning the user that a file will be created or could overwrite an existing file with the same generated name. This can lead to unintended local state changes, especially in environments where users expect read-only summarization behavior or where repeated runs may collide on filenames.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal