Security audit

Paper Writing Workflow

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent academic paper-writing workflow with only a small local helper script and no evidence of credential access, network access, destructive actions, or hidden persistence.

This appears safe to install for academic drafting, but treat it as a workflow coordinator: review any companion skills it calls, expect local Markdown output when using the helper script, and verify generated citations, claims, and journal formatting before relying on the result.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 89% confidence
Finding: The trigger keywords are broad and overlap with ordinary academic-writing requests such as 'paper writing' and 'thesis writing'. This can cause the workflow to activate unintentionally for generic requests, expanding the skill's scope and potentially invoking multiple downstream writing/research skills without the user explicitly requesting this workflow.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal