Back to skill

Security audit

Agent News Digest

Security checks across malware telemetry and agentic risk

Overview

This news digest skill mostly matches its purpose, but running it can automatically spend user API-key quota on a hard-coded Bitcoin news job without an explicit user request.

Review before installing or running. Use limited, revocable API keys, expect topics and retrieved article snippets to be sent to Tavily and the selected LLM provider, and remove or disable the automatic mock Bitcoin job unless you want startup to make external API calls immediately.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Low
Confidence
91% confidence
Finding
The skill description states that it performs real-time Tavily web searches and LLM-based summarization, but it does not warn that user-provided topics and related query data are transmitted to third-party services. This can expose sensitive user interests or confidential terms to external providers without informed consent, especially if users submit internal project names, incident terms, or personal data as topics.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The adapter concatenates system and user prompt content and sends it to Google's Gemini REST API, which is a third-party service. In a news-digest skill, prompts may contain user queries, article text, or other potentially sensitive data, and there is no evidence here of user disclosure, consent, minimization, or redaction before transmission.

VirusTotal

45/45 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

Detected: suspicious.env_credential_access

Environment variable access combined with network send.

Critical
Code
suspicious.env_credential_access
Location
src/fetcher.ts:8