Anki Fusion

Security checks across malware telemetry and agentic risk

Overview

This skill coherently helps create Anki flashcards from user-provided learning material, with only ordinary privacy and file-output considerations.

Before installing, be mindful that using web URLs may contact third-party sites and that PDFs or notes may contain sensitive study material. Generated .apkg decks will be written as local artifacts and may retain that content, so choose inputs and output locations accordingly.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (2)

Missing User Warnings

Medium

Confidence: 89% confidence
Finding: The skill explicitly accepts remote URLs and PDFs but does not disclose the privacy and network-safety implications of fetching external content. Users may unknowingly cause the system to contact third-party sites, expose IP/user-agent or embedded metadata, and process sensitive document contents without informed consent.

Missing User Warnings

Low

Confidence: 80% confidence
Finding: The skill states it will generate a direct-import .apkg file but does not warn that this creates an output artifact on disk and may affect storage, overwrite expectations, or user data handling workflows. While not inherently dangerous, undisclosed file creation can surprise users and lead to accidental retention or import of sensitive study content.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal