paper-introduction-writer

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed academic writing helper made of Markdown instructions only, with no hidden code or credential access found.

Before installing, be aware that full-generation requests may create Markdown files in your current directory and may duplicate your research notes into English and Chinese draft artifacts. Use inline or single-language output for sensitive work, and replace all citation placeholders with verified real references before submitting anything academically.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (2)

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: The skill instructs the agent to save output files into the user's current working directory by default, which creates files without an explicit opt-in step. In an agent setting, implicit file writes can surprise users, overwrite nearby work despite collision-avoidance logic, or be abused to leave unintended artifacts in sensitive repositories or shared directories.

Natural-Language Policy Violations

Medium

Confidence: 90% confidence
Finding: The skill makes dual-language output the default, including a Chinese annotated file, without explicit user opt-in. This can cause unnecessary data proliferation, increase the chance of exposing user-provided research content in extra artifacts, and create outputs the user did not request, which is risky in constrained or privacy-sensitive environments.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal