Back to skill

Security audit

ia-compound-docs

Security checks across malware telemetry and agentic risk

Overview

This is a documentation workflow that writes local solution notes, with some broad trigger wording users should understand before installing.

Install this only if you want an agent workflow that can capture resolved debugging context into local repository documentation. Ask it to preview the target path and summary before writing, and review generated notes for secrets, private URLs, customer data, or sensitive incident details before committing.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Context-Inappropriate Capability

Medium
Confidence
88% confidence
Finding
The documented workflow allows branching from a documentation skill into creating a new skill, which expands capability beyond the declared purpose of capturing resolved issues. That scope creep can cause an agent to make higher-impact repository changes than the user reasonably expects from a documentation action, increasing the risk of unauthorized or surprising modifications.

Vague Triggers

Medium
Confidence
80% confidence
Finding
The skill instructs auto-invocation on broad phrases like "that worked" or "it's fixed," which can trigger unexpectedly in unrelated conversations. In a documentation-writing workflow, this can cause unintended file creation, premature workflow interruption, or capture of incomplete/sensitive context when the user did not intend to start a documentation process.

Vague Triggers

Medium
Confidence
92% confidence
Finding
The auto-invocation phrases are very common confirmations used in ordinary conversation, so the skill may trigger unintentionally during unrelated chat. Because later steps include gathering context, searching files, and potentially creating documentation, accidental activation can lead to unintended workflow execution and repository writes.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The process instructs the agent to create files and modify existing documentation without an explicit user-facing warning that repository contents will be written or changed. In an agent setting, silent writes are risky because users may believe they are only receiving advice, while the skill actually performs persistent changes across docs and cross-references.

Vague Triggers

Medium
Confidence
94% confidence
Finding
The example shows the skill auto-invoking on a very broad phrase like "That worked!", which can easily appear in normal conversation without the user intending to trigger documentation behavior. In a skill that gathers context and creates files, this creates a meaningful risk of unintended activation, unexpected data capture, and side-effecting actions based on incidental confirmation language.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The example describes creating a documentation file directly after internal validation steps, with no explicit user warning, consent, or final confirmation before writing to the repository. In this context, the skill is designed to persist potentially sensitive debugging context and institutional knowledge, so silent file creation increases the risk of unintended disclosure, noisy commits, and recording information the user did not mean to store.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.