lqs-skill

Security checks across malware telemetry and agentic risk

Overview

This is a prompt-and-template code generation skill for an LQS project, with review-before-write behavior and no executable installer or hidden runtime code found.

Install only if you want an LQS-specific boilerplate generator. Use pasted or exported document text rather than letting it fetch Google Docs automatically, review the preview diff and target paths before approving writes, and review generated migrations separately before running them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Description-Behavior Mismatch

Severity: Medium
Confidence: 90%
Finding
The example contract explicitly says to fetch the body of a public Google Doc, which conflicts with the stated skill boundary that it is manual-run only and does not fetch external documents automatically. This kind of scope contradiction is dangerous because implementers may follow the example rather than the manifest and add remote retrieval behavior, increasing exposure to untrusted external content, privacy issues, and accidental capability creep.

Intent-Code Divergence

Severity: Medium
Confidence: 92%
Finding
The documented workflow prescribes remote Google Doc retrieval even though the skill metadata says it does not fetch external documents automatically. Such contradictory documentation can mislead downstream developers or agents into implementing behavior that bypasses intended trust and review boundaries, making external-content ingestion seem authorized when it is not.

Description-Behavior Mismatch

Severity: High
Confidence: 94%
Finding
The prompt explicitly instructs the skill to write files when status is approve, which conflicts with the stated skill metadata that it is a manual-run, preview/diff-oriented generator that does not execute side effects automatically. This mismatch can cause an agent or integrator to perform real filesystem modifications under the guise of a safe planning skill, increasing the risk of unintended or unauthorized file changes.

Intent-Code Divergence

Severity: Medium
Confidence: 89%
Finding
The prompt mixes two incompatible behaviors: preserving dry-run mode while also performing actual writes on approval. This ambiguity is dangerous because agents may interpret approval as sufficient authorization to bypass dry-run safeguards, leading to accidental state changes or inconsistent enforcement of safety controls.

VirusTotal

66/66 vendors flagged this skill as clean.