Md Of Programer

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward Markdown diagram helper; the main caution is that a broad trigger phrase could activate it for general diagram requests.

Install this if you want an agent to update Markdown files, create .mddoc diagram sources and PNGs, and run local mddoc/d2 commands. Review any proposed npm, brew, or winget install before approving it, and be aware that the generic "diagram" trigger may activate the skill during casual diagram-related requests.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 86% confidence
Finding: The trigger phrases include very generic terms like "mind map" and especially "diagram," which can match many ordinary user requests and cause the skill to activate unexpectedly. Because the skill has Bash and Write access and instructs package installation and command execution, over-broad activation increases the chance of unintended tool use and shell execution in contexts where the user did not explicitly ask for this specific skill.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal