Sanity CMS

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward Sanity CMS helper, but users should treat its API token and content mutation examples carefully.

Install this only if you want an agent to work with your Sanity project. Use a Viewer token for read-only work, use an Editor token only when you intend to change content, avoid exposing the Authorization header or token in logs, and confirm create, update, publish, or delete actions before running them against production.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium severity, 89% confidence
The skill documents create, update, delete, and publish operations against a live CMS without explicit warnings, confirmation requirements, or guardrails around destructive changes. In an agent setting, this increases the chance of unintended data loss, overwrites, or publication actions because the instructions normalize mutation flows but do not require user confirmation or safer defaults.

Missing User Warnings

Medium severity, 86% confidence
The documentation instructs use of a bearer API token and shows it being sent in requests, but does not warn about secret handling, least-privilege token scopes, or the sensitivity of queried/mutated content sent to Sanity. This can lead to credential leakage in logs, shell history, screenshots, or misuse of overly privileged tokens in production environments.

VirusTotal

65/65 vendors flagged this skill as clean.
