Security audit

Flow PDF Generator

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward local PDF generator with no evidence of hidden network access, credential use, persistence, or destructive behavior.

Install only if you want a local Python helper that reads the JSON and image paths you provide and writes a PDF file. Use a virtual environment for ReportLab, avoid untrusted input files, and check the output path before generation.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 89% confidence
Finding: The trigger list includes broad, common phrases such as 'Save as PDF' and 'Generate PDF' that can plausibly appear in normal conversation, increasing the chance the skill is invoked when the user did not explicitly intend to use this specific tool. In an agent environment, accidental invocation can cause unintended file creation or content export actions, especially if downstream automation writes files without additional confirmation.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.