Markdown Output

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only Markdown formatting skill with no evidence of hidden access, code execution, persistence, or data handling.

This appears safe to install from a security perspective. The main consideration is functional: it will intentionally change raw Markdown output style, including triple-tilde outer fences and spaces in links that may look unusual or break expectations in some Markdown workflows.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 84% confidence
Finding: The trigger phrase 'or similar requests' makes the skill activation boundary subjective and overly broad, which can cause the policy to fire on requests that were not actually asking for raw Markdown source. Because this skill imposes nonstandard output rules, ambiguous activation can override normal response behavior and degrade correctness or create confusing formatting in unrelated contexts.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal