Back to skill

Security audit

Chatgpt Apps

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent ChatGPT Apps builder whose broad build, secret, database, and deployment guidance is disclosed and aligned with its purpose, but users should handle credentials and public deployment carefully.

Install this only if you want an agent to build and possibly deploy ChatGPT Apps. Before running deployment, review generated code, confirm tests and validation pass, keep AUTH0_CLIENT_SECRET and SUPABASE_SERVICE_ROLE_KEY only in secure server-side environment variables, do not commit real secrets, verify database RLS/user isolation, and make sure any Render MCP endpoint is intended to be public.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The deployment workflow instructs the agent to generate deployment configuration, push code, and publish a production service, but it does not require an explicit user confirmation or warning before actions that can expose code or create internet-facing infrastructure. In an agentic context, this increases the risk of unintended publication, cost-incurring actions, or release of incomplete or sensitive applications.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The authentication section tells the user to obtain and place client secrets and related credentials into environment configuration, but it omits explicit handling guidance for sensitive secrets. This can lead to accidental disclosure through commits, logs, previews, screenshots, or use in client-side contexts, especially since the skill is designed to generate and modify app code automatically.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The database setup instructs use of a Supabase service role key, which is highly privileged and can bypass normal access restrictions, yet the skill provides no explicit warning about its sensitivity or server-only handling requirements. In a code-generation workflow, this omission raises the chance that the key is embedded in insecure locations, leaked in repositories, or misused in contexts where compromise would expose or modify all database data.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.