Skill Orchestration Core

Security checks across malware telemetry and agentic risk

Overview

This workflow skill is mostly purpose-aligned, but its validator can read and modify project files from design-controlled paths without enough containment or dry-run safeguards.

Use this only on trusted, version-controlled project worktrees. Review DESIGN.md before running validate-all or auto-fix, avoid absolute paths or ../ in expected_outputs, inspect diffs afterward, and do not let untrusted DESIGN.md content drive delegated skills or broad toolsets.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Intent-Code Divergence

Medium
Confidence: 95%
Finding
When no expected markdown output file is found, _append_to_output silently falls back to modifying IMPLEMENTATION.md or requirements.md, which may be unrelated project documents. In an agent skill context, this can corrupt or inject placeholder content into sensitive design artifacts, causing integrity loss and potentially misleading downstream automation or reviews.

Missing User Warnings

Medium
Confidence: 90%
Finding
The README explicitly advertises that the validator will 'truly read project files' and can perform 'auto-fix', but it does not warn users that running these commands may modify repository contents. In an orchestration skill that operates across project files, omission of modification warnings can lead to unintended file changes, especially when users invoke examples verbatim.

VirusTotal

65/65 vendors flagged this skill as clean.