Back to skill

Security audit

Cg Paper Writing

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only academic writing skill with no executable behavior; the only notable issue is a Chinese writing-style default that users may need to override.

Safe to install as writing guidance. Specify the desired output language and venue style when using it, and verify citations, venue facts, and recent-paper references before relying on them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Natural-Language Policy Violations

Medium
Confidence
92% confidence
Finding
The skill hard-codes a Chinese academic writing requirement without presenting it as a selectable preference, which can override user intent and steer outputs into an unwanted language. While this is not a classic security exploit, it is a real policy/control issue because a skill should not silently constrain output format in ways the user did not request.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.