Security audit

Document Signature Packet Builder

Security checks across malware telemetry and agentic risk

Overview

This is a prompt-only document checklist skill with no code or permissions, but users should be careful with its example about sensitive document scans and cloud storage.

Before installing, understand that this skill is suitable for organizing document-signing logistics, not legal advice. Avoid sharing full ID numbers or unnecessary document contents with the assistant, confirm requirements with the issuer, and be cautious about storing identity, bank, credit, or employment scans in cloud storage unless you control encryption, access, MFA, and retention.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Description-Behavior Mismatch

Medium
Confidence: 90%
Finding
The Chinese scenario expands the skill from packet-specific signing logistics into a generalized 'universal materials checklist' for renting, employment, and partnership matters. That broadening encourages collection of sensitive identity and financial documents based on document category rather than issuer-provided instructions, which conflicts with the skill's stated boundaries and can lead users to overshare unnecessary personal data.

Context-Inappropriate Capability

Medium
Confidence: 97%
Finding
The example explicitly recommends storing scans of identity documents and other commonly used materials in third-party cloud services. Encouraging centralized cloud storage of highly sensitive documents without discussing encryption controls, provider trust, access restrictions, retention, or breach risks can increase exposure of identity and financial information if the account or service is compromised.

Intent-Code Divergence

Medium
Confidence: 77%
Finding
The scenario guidance appears to endorse template outputs that infer common required materials from broad categories like rental, work, or partnership contracts, despite the operating rule saying not to infer hidden requirements from document type. This inconsistency can cause the assistant to suggest unnecessary or sensitive documents that were never requested, increasing privacy risk and potentially confusing users about actual issuer requirements.

Missing User Warnings

Medium
Confidence: 96%
Finding
The example recommends storing identity-document scans in cloud services but does not include a clear warning about privacy and security risks. Because the skill already handles sensitive items like IDs, bank records, and proof documents, omitting such warnings normalizes risky handling practices and may lead users to expose high-value personal data in insecure or over-retained storage.

VirusTotal

61/61 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.