
Security audit

Write Coding Standards from File

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only helper for drafting coding standards from user-selected project files. It has some file-writing and optional web-reference behavior that users should review, but shows no evidence of deception or exfiltration.

Install only if you are comfortable letting the agent read the specific files or narrow folders you provide and create a standards document in the project. For private or restricted work, disable external style fetching, pass exact file paths, avoid secrets and environment files, and review any proposed README, test, or source-file changes before accepting them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (6)

Description-Behavior Mismatch

Severity: Medium
Confidence: 84%
Finding
The manifest promises that analyzed source files will not be modified unless edits are explicitly requested and confirmed, but the skill's default behavior is to create a new project file, and a configuration option also lets it insert content into README.md. This mismatch can lead users or downstream systems to trust the skill as read-only when it actually performs writes, increasing the risk of unintended repository modifications.

Description-Behavior Mismatch

Severity: Medium
Confidence: 92%
Finding
The skill is described as deriving coding standards from provided local files and folders, yet it also enables external URL fetching by default. That broadens the skill's behavior beyond local analysis, creating an unexpected data flow and network boundary crossing that users may not anticipate.

Context-Inappropriate Capability

Severity: Medium
Confidence: 95%
Finding
Defaulting to third-party fetches for a task whose primary purpose is local file analysis introduces unnecessary network access and a dependency on untrusted external content. This can leak metadata about the user's activity, make outputs depend on mutable remote resources, and expand the attack surface: a fetched page can carry misleading or prompt-injection content that the agent then treats as guidance.

Description-Behavior Mismatch

Severity: Medium
Confidence: 74%
Finding
Generating an additional test file to enforce standards exceeds the stated scope of merely writing a coding standards document. While not inherently malicious, it expands the write surface and can introduce unexpected repository changes or automation artifacts if enabled without clear consent.
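The first and fourth findings both come down to writes outside the scope the user approved (README.md edits, a generated test file). A practical check is to diff the working tree after the agent runs and flag every touched path that is not the approved output. The script below is an added example, not part of the SkillSpector report or the audited skill: it assumes the only approved write is a file named CODING_STANDARDS.md (an assumed name) and parses `git status --porcelain` output captured after the run; the sample status output is constructed for the example.

```python
"""Flag agent writes that fall outside the scope the manifest promised.

Added example, not code from the SkillSpector report or the audited skill.
Assumes the user authorised exactly one new file (CODING_STANDARDS.md is an
assumed filename) and that `git status --porcelain` was captured after the
agent ran. Any other touched path is reported; paths the finding calls out
(README.md, tests, source, environment files) are rated high.
"""
import fnmatch

# Assumed: the only write the user approved.
ALLOWED_WRITES = ["CODING_STANDARDS.md"]

# Paths the audit findings specifically warn about; a write here is high severity.
NEVER_WRITE = ["README.md", ".env*", "*.env", "tests/*", "test_*", "*_test.*", "src/*"]


def parse_porcelain(text):
    """Return (status, path) tuples from `git status --porcelain` lines.

    Each line is two status characters, a space, then the path. Renames are
    shown as 'old -> new'; the new path is the one that was written.
    """
    entries = []
    for line in text.splitlines():
        if len(line) < 4:
            continue
        status, path = line[:2], line[3:]
        if " -> " in path:
            path = path.split(" -> ", 1)[1]
        entries.append((status.strip(), path))
    return entries


def unexpected_writes(porcelain_text, allowed=ALLOWED_WRITES, forbidden=NEVER_WRITE):
    """Return every touched path not in the allowlist, with a severity rating."""
    findings = []
    for status, path in parse_porcelain(porcelain_text):
        if any(fnmatch.fnmatch(path, pattern) for pattern in allowed):
            continue
        hit_forbidden = any(fnmatch.fnmatch(path, pattern) for pattern in forbidden)
        findings.append({
            "path": path,
            "status": status,
            "severity": "high" if hit_forbidden else "medium",
        })
    return findings


# Constructed sample: what `git status --porcelain` might show after a run in
# which the skill created the standards file, edited README.md, generated a
# test, and touched a source file and an unrelated doc.
SAMPLE_STATUS = """\
?? CODING_STANDARDS.md
 M README.md
?? tests/test_standards.py
 M src/app.py
 M docs/notes.md
"""

if __name__ == "__main__":
    for finding in unexpected_writes(SAMPLE_STATUS):
        print(f"{finding['severity']:6} {finding['status']:2} {finding['path']}")
```

Run it against the real `git status --porcelain` output before accepting the agent's changes; anything rated high is exactly the class of write the findings above say the manifest did not promise.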

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding
The skill instructs the agent to fetch from numerous third-party URLs but does not prominently warn users that execution may involve network access. This lack of disclosure undermines informed consent and can violate expectations in restricted or privacy-sensitive environments.

Vague Triggers

Severity: Medium
Confidence: 90%
Finding
Allowing configuration overrides when a variable name appears 'as-is, or as a similar but clearly related text value' is overly permissive and ambiguous. This enables accidental or adversarial prompt wording to flip sensitive behaviors such as file editing, README modification, or network fetching without a precise, auditable parameter assignment.
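To make the risk in this finding concrete, the following added example (not the skill's own configuration logic) models the permissive rule as a substring match on the prompt and contrasts it with a strict parser that accepts only explicit `name = true|false` assignments from an allowlist and records every accepted override for audit. The three setting names, the alias lists and the sample prompt are all assumed for the illustration.

```python
"""Fuzzy versus strict handling of configuration overrides in a prompt.

Added example, not the audited skill's real parsing. The three settings,
the alias lists and the prompt are constructed to show how the finding's
'as-is, or a similar but clearly related text value' rule can flip a
sensitive behavior on wording that actually asks for the opposite.
"""
import re

# Assumed defaults for three hypothetical sensitive settings.
SETTINGS = {
    "edit_source_files": False,
    "modify_readme": False,
    "fetch_external_styles": True,
}

# Phrases a permissive matcher might treat as "clearly related" to each setting.
FUZZY_ALIASES = {
    "edit_source_files": ["edit source", "source files", "edit files"],
    "modify_readme": ["readme"],
    "fetch_external_styles": ["external style", "fetch", "style guide"],
}


def fuzzy_overrides(prompt, base=SETTINGS):
    """Model of the permissive rule: any mention of a setting name or a related
    phrase enables the setting, regardless of negation or sentence context."""
    cfg = dict(base)
    text = prompt.lower()
    for name, aliases in FUZZY_ALIASES.items():
        if name in text or any(alias in text for alias in aliases):
            cfg[name] = True
    return cfg


# Strict rule: a line of the form `key = true|false`, nothing else.
ASSIGNMENT = re.compile(
    r"^\s*(?P<key>[a-z_]+)\s*=\s*(?P<val>true|false)\s*$",
    re.IGNORECASE | re.MULTILINE,
)


def strict_overrides(prompt, base=SETTINGS):
    """Accept only explicit assignments to known keys and return an audit trail
    of what was set or rejected, so a reviewer can see exactly why a sensitive
    behavior was enabled."""
    cfg = dict(base)
    audit = []
    for match in ASSIGNMENT.finditer(prompt):
        key = match.group("key").lower()
        value = match.group("val").lower() == "true"
        if key not in base:
            audit.append(("rejected_unknown_key", key))
            continue
        cfg[key] = value
        audit.append(("set", key, value))
    return cfg, audit


# Constructed prompt: the user explicitly asks NOT to touch README or source,
# and gives one real assignment on its own line.
PROMPT = """Draft coding standards from src/. Please do not modify the README
or edit source files; a style guide for tests is fine.
modify_readme = false
"""

if __name__ == "__main__":
    print("fuzzy :", fuzzy_overrides(PROMPT))
    cfg, audit = strict_overrides(PROMPT)
    print("strict:", cfg)
    print("audit :", audit)
```

Under the fuzzy rule the words "README", "source files" and "style guide" in a sentence that forbids those actions enable all three behaviors; the strict parser applies only the one explicit assignment and logs it. Note that the strict parser is still only as trustworthy as its input channel: if assignments are read from the analyzed files or from fetched external pages rather than from the user's own instructions, an attacker who controls that content can supply them, so the override syntax should be honored only from the user's configuration.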

VirusTotal

65/65 vendors flagged this skill as clean.


Static analysis

No suspicious patterns detected.