Story generation pipeline skill
Security checks across malware telemetry and agentic risk
Overview
This story-writing skill mostly does what it says, but one helper can read, write, or delete local JSON files outside its intended data folder if given a crafted pipeline ID.
Install only if you are comfortable with story drafts being saved locally. Avoid using sensitive private material in generated stories, and treat pipeline IDs as trusted values until the maintainer validates them and confines graph files to the intended data directory.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
64/64 vendors flagged this skill as clean.