Back to skill

Security audit

Knowledge Digest

Security checks across malware telemetry and agentic risk

Overview

This is a study-material generation skill whose optional search and file creation are disclosed and aligned with its educational purpose.

Reasonable to install for creating educational materials. Avoid uploading confidential, proprietary, or copyrighted documents unless you are comfortable with the agent and configured generation tools processing them, and review any searched source material for accuracy.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
91% confidence
Finding
The trigger phrases are extremely broad and map to common educational requests like study notes, quizzes, and slides, which increases the chance the skill is invoked when the user did not explicitly intend to use it. Unintended invocation can expose user-provided materials to the skill's automated workflow, including downstream search, file generation, and external tool use without clear consent boundaries.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill explicitly instructs the agent to use search tools to collect materials when the user selects that path, but it does not require disclosure that external retrieval will occur or warn about privacy and provenance risks. In an education workflow, users may provide sensitive topics, proprietary course materials, or student context, and silent external retrieval can create unintended data exposure and trust issues around source quality.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.