Back to skill

Security audit

Agent Skills Framework Explorer

Security checks across malware telemetry and agentic risk

Overview

This is a markdown-only educational skill about agent frameworks; its examples include real integration commands, but there is no hidden execution, persistence, or credential collection.

Install this if you want guidance on choosing or building agent frameworks. Before running copied examples, review package sources, tokens, repository names, Slack targets, and any write-capable operation such as creating GitHub issues or sending messages.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Intent-Code Divergence

Medium
Confidence
90% confidence
Finding
The MCP example normalizes a write-capable tool call (`create_issue`) in a generic instructional context, which can steer an agent toward state-changing behavior when the surrounding task is only exploratory or informational. In agent/tool ecosystems, examples strongly influence downstream implementations, so demonstrating mutation without explicit consent, safeguards, or a read-only alternative increases the risk of unintended external side effects.

Vague Triggers

Medium
Confidence
74% confidence
Finding
The trigger phrase at line 20 is broad enough to match ordinary user requests, which can cause the skill to activate outside its intended scope. Over-broad activation increases the chance that users receive framework-specific guidance or tool-oriented workflows when they did not explicitly request this skill, creating misrouting and potential tool-use confusion.

Vague Triggers

Medium
Confidence
71% confidence
Finding
The embedded manifest uses vague example triggers like 'run my task' and 'execute my workflow', which are highly generic and could be copied into new skills, propagating unsafe activation patterns. In a skill that teaches developers how to build skills, underspecified examples are especially risky because they may be reused verbatim across deployments.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal

Static analysis

No suspicious patterns detected.