Security audit

Flow PDF Generator

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward local PDF generator with no evidence of hidden network access, credential use, persistence, or destructive behavior.

Install only if you want a local Python helper that reads the JSON and image paths you provide and writes a PDF file. Use a virtual environment for ReportLab, avoid untrusted input files, and check the output path before generation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence: 89%
Finding
The trigger list includes broad, common phrases such as 'Save as PDF' and 'Generate PDF' that can plausibly appear in normal conversation, increasing the chance the skill is invoked when the user did not explicitly intend to use this specific tool. In an agent environment, accidental invocation can cause unintended file creation or content export actions, especially if downstream automation writes files without additional confirmation.

VirusTotal

64/64 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.