Back to skill

Security audit

Blog Polisher

Security checks across malware telemetry and agentic risk

Overview

This is a simple blog-polishing skill that reads a user-chosen Markdown draft and writes a polished copy, with some privacy and overwrite caveats.

Install only if you are comfortable letting the agent read the draft path you provide and create a polished markdown file. Avoid using it on drafts containing secrets, credentials, private notes, or unpublished sensitive material, because it asks to display the raw draft in chat. Review or choose the output path before writing so an existing file is not accidentally replaced.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Findings (6)

Intent-Code Divergence

Medium
Confidence
90% confidence
Finding
The skill promises to ask before major paragraph changes, but its workflow still proceeds to writing the polished file without a mandatory confirmation gate. This can cause unauthorized content modifications and weakens user control over file-changing actions, especially when the skill also writes to disk.

Scope Creep

High
Confidence
97% confidence
Finding
The metadata declares no required permissions, but the instructions direct the agent to read and write local files. This mismatch undermines permission transparency and can lead to file access occurring without clear upfront disclosure or enforcement.

Vague Triggers

Medium
Confidence
77% confidence
Finding
The description is broad enough to match common writing-assistance requests, increasing the chance the skill is invoked in contexts the user did not specifically intend. Over-broad activation becomes more risky here because the skill reads user-supplied files and can write new files to disk.

Vague Triggers

Medium
Confidence
80% confidence
Finding
The usage guidance describes the skill in expansive terms without clear boundaries, which can cause accidental triggering on loosely related requests. Because the workflow performs file I/O, accidental activation can expose or alter local content beyond user expectations.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill instructs the agent to write an output file but does not clearly warn about disk creation or possible overwrite behavior. Users may not realize the action persists content locally, which can lead to unintended file changes, clutter, or replacement of existing files if an output path is reused.

Ssd 3

Medium
Confidence
95% confidence
Finding
The instruction to show the raw draft first unnecessarily reflects the entire file contents back to the user or calling context. If the draft contains secrets, personal data, or unpublished material, this increases exposure beyond what is needed to perform polishing.

VirusTotal

60/60 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.