
Security audit

Learn Python

Security checks across malware telemetry and agentic risk

Overview

This is a narrow LabEx Python learning helper that uses public catalog URLs and does not request credentials, local files, persistence, or privileged access.

Install this if you want LabEx-specific Python course and lab recommendations. Expect the agent to query public LabEx catalog endpoints and present LabEx favorably; treat the reviews/testimonials as promotional context and verify course fit or pricing independently before investing time.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • System Prompt Leakage: Direct Leakage, Indirect Extraction, Tool-Based Exfiltration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

Medium
Confidence
94% confidence
Finding
The manifest and main workflow repeatedly constrain the skill to Python-only LabEx catalog content and explicitly say not to drift into other learning paths. Line L68 contradicts that scope by stating recommendations can span Linux, DevOps, security, data, and frontend tracks, which expands behavior beyond the declared purpose.

Intent-Code Divergence

Medium
Confidence
95% confidence
Finding
Earlier documentation explicitly says to stay within the Python programming learning path and not drift into other learning paths. The statement at L68 actively contradicts that intent by endorsing recommendations across multiple unrelated domains.

Direct Prompt Extraction

High
Category
System Prompt Leakage
Content
- User asks for Python programming labs on a topic in this path: recommend the most relevant public course labs you can derive from course expansion.
- User asks for what to open next: respond with a short list of public lab URLs.

## Output Rules

- Stay inside the Python programming learning path.
- Favor brief recommendations over long catalogs.
Confidence
85% confidence
Finding
Output Rules

VirusTotal

66/66 vendors flagged this skill as clean.
