AI README Manager

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed AI_README convention manager: its broad MCP use and its edits to AI_README files are real cautions, but both fit the stated purpose.

Install this only if you want an agent to consult and maintain AI_README.md files while it codes. Review the ai-readme-mcp package you are registering, and require the agent to confirm before it initializes or updates AI_README files in sensitive repositories.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence: 92%
Finding
The skill advises calling `get_context_for_file` before any code-related task, which is an overly broad trigger that can cause the agent to send project file paths and contextual metadata to an external MCP service for nearly every development action. Even if the tool is legitimate, this creates unnecessary data exposure and expands the trusted computing boundary without clear user consent or scope limits.

Vague Triggers

Medium
Confidence: 95%
Finding
The instruction `ALWAYS call get_context_for_file(projectRoot, path) first` uses an absolute mandate with ambiguous scope, encouraging unconditional tool invocation regardless of task sensitivity, repository trust, or whether the file is user-provided. In practice, this can force unnecessary disclosure of project structure and contents to the MCP integration and may let the skill override safer agent decision-making.
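Both findings above come down to the same heuristic: an instruction that pairs an absolute mandate ("ALWAYS") with an unbounded scope ("before any code-related task") around a tool call, with nothing that bounds it or puts the user in the loop. The following is an added example of that check, not SkillSpector's or the skill's own code; the pattern lists, the confidence scoring and the sample skill text are constructed for illustration.

```python
"""Heuristic check for overly broad tool-call triggers in skill instructions.

Added example for this page; it is not SkillSpector's or the skill's own code.
The sample skill text and the pattern lists below are constructed.
"""
import re
from dataclasses import dataclass

# Absolute mandates that remove the agent's discretion.
MANDATE = re.compile(r"\b(always|must|never skip|unconditionally|regardless of)\b", re.I)
# Scope words that make the trigger apply to every task or file.
BROAD_SCOPE = re.compile(r"\b(any|every|all|each|whenever)\b", re.I)
# Phrases that bound the trigger or put the user in the loop.
LIMITER = re.compile(
    r"\b(only (?:if|when)|unless|except|if the user|ask (?:the user|for confirmation)|"
    r"confirm with the user)\b", re.I)
# A tool invocation written as name(args); MCP tool names are plain identifiers.
TOOL_CALL = re.compile(r"\b([A-Za-z_][A-Za-z0-9_]*)\s*\(([^()]*)\)")


@dataclass(frozen=True)
class TriggerFinding:
    line_no: int          # 1-based line in the skill text
    tool: str             # tool the instruction forces the agent to call
    confidence: float     # 0.5 base, +0.25 for a mandate, +0.25 for broad scope
    reasons: tuple        # which heuristics fired


def scan_skill_text(text: str) -> list[TriggerFinding]:
    """Flag instructions that unconditionally force a tool call with unbounded scope."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        call = TOOL_CALL.search(line)
        if call is None:
            continue                      # no tool invocation on this line
        reasons = []
        if MANDATE.search(line):
            reasons.append("absolute mandate")
        if BROAD_SCOPE.search(line):
            reasons.append("unbounded scope")
        if not reasons:
            continue                      # plain description of when a tool applies
        if LIMITER.search(line):
            continue                      # a condition or user confirmation bounds it
        confidence = 0.5 + 0.25 * len(reasons)
        findings.append(TriggerFinding(line_no, call.group(1), confidence, tuple(reasons)))
    return findings


# Constructed sample skill instructions, not the real ai-readme skill text.
SAMPLE_SKILL = """\
# ai-readme skill, constructed sample
ALWAYS call get_context_for_file(projectRoot, path) first, before any code-related task.
Before every response, run fetch_remote_config(url).
When the user asks to document a module, call get_context_for_file(projectRoot, path) only if the file is inside the project root.
You must call update_ai_readme(projectRoot) after every change, unless the user declines.
Use `git status` to inspect the working tree.
"""


if __name__ == "__main__":
    for f in scan_skill_text(SAMPLE_SKILL):
        print(f"line {f.line_no}: {f.tool} forced ({', '.join(f.reasons)}), "
              f"confidence {f.confidence:.2f}")
```

Run against the sample, only lines 2 and 3 are reported: line 2 fires on both heuristics (mandate plus "any"), line 3 on scope alone ("every"). Line 5 would fire on both but is suppressed by "unless", which is the kind of bounding clause the findings say is missing from the real instruction; a scanner that only keyword-matches "ALWAYS" without checking for such limiters produces far more noise.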

VirusTotal

65/65 vendors flagged this skill as clean.
