Security audit

Knowledge Graph Extractor

Security checks across malware telemetry and agentic risk

Overview

This skill converts user-provided course documents into knowledge-graph import files, and its disclosed file edits are limited to generated output data.

Install only if you are comfortable with the agent reading the course documents and template you provide and modifying the generated JSON during validation. Keep your original PDF/DOCX and template files separate from generated outputs, and ask the agent for a validation summary or diff before final import if the exact knowledge-node wording matters.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill explicitly instructs the agent to automatically edit generated JSON files in a loop without user confirmation or a visible warning. This creates an unsafe write behavior where the agent may overwrite artifacts, silently alter structured outputs, or make destructive changes beyond the user's expectations, especially in environments where files are reused or downstream-imported.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The prompt explicitly directs the agent to use the Edit tool to modify the user’s JSON file immediately upon detecting issues, without requiring confirmation, preview, backup, or notice that the change is persistent. In a file-processing skill, this creates a real integrity risk because the agent may overwrite user-authored structured data or introduce incorrect autogenerated content during 'quality' fixes.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The workflow instructs the agent to enter a loop of reading, editing, and re-validating until all checks pass, but it does not disclose that these edits are persistent or may overwrite earlier content. This makes accidental data corruption more likely, especially because the skill is designed to transform educational content and may repeatedly rewrite JSON structure and semantics without human review.

VirusTotal

50/50 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.