Back to skill

Security audit

Web To Pdf

Security checks across malware telemetry and agentic risk

Overview

The skill appears to convert webpages to PDFs, but its broad activation wording and raw shell deletion instructions create enough user-control and local-file risk to require review before installation.

Install only if you are comfortable with the agent generating and sending webpage PDFs and then deleting the local copy. Avoid using it on authenticated or sensitive pages unless you explicitly requested a PDF export, and review any cleanup command before it runs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Tool MisuseTool Parameter Abuse, Chaining Abuse, Unsafe Defaults
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (5)

Context-Inappropriate Capability

Medium
Confidence
89% confidence
Finding
The skill instructs use of the general-purpose exec tool to delete files and resolve paths, even though webpage-to-PDF conversion should be achievable with narrower file-management primitives. Introducing shell execution expands the attack surface: if file paths are malformed, attacker-influenced, or substituted, the agent could run unintended commands or delete unintended files.

Vague Triggers

Medium
Confidence
83% confidence
Finding
The trigger phrases are broad enough to match common requests like 'show me this page' or 'let me see this website,' which can cause the skill to activate in situations where the user did not specifically request file creation or transmission. Over-broad activation increases the chance of surprising actions, unnecessary browsing, or unintended handling of sensitive URLs and page content.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The skill directs immediate deletion of the generated PDF after sending it, but does not warn the user or provide an option to retain the local artifact. Destructive behavior without disclosure can interfere with auditability, retries, or user expectations, and becomes more risky if the path is wrong or the file is needed for later review.

Tool Parameter Abuse

High
Category
Tool Misuse
Content
Delete the local PDF file immediately after sending to save space:

```
exec command=rm /path/to/file.pdf
```

Or in one line:
Confidence
94% confidence
Finding
rm /path/to/

Tool Parameter Abuse

High
Category
Tool Misuse
Content
Or in one line:
```
exec command=rm /path/to/file.pdf && echo "✅ PDF cleaned up"
```

## Why This Workflow
Confidence
97% confidence
Finding
rm /path/to/

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.