Security audit

thesis-introduction-writer

Security checks across malware telemetry and agentic risk

Overview

This is a low-risk writing aid for Chinese thesis introductions, with no executable code or hidden system access.

Install this if you want help drafting Chinese academic introduction sections. Verify all citations and sources yourself, follow your institution's academic integrity rules, and avoid giving the skill confidential participant data or unpublished sensitive research details.

SkillSpector

By NVIDIA

Vulnerability Patterns

Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Context-Inappropriate Capability

Medium

Confidence: 90% confidence
Finding: The guide explicitly tells the skill to browse credible sources when users ask for exact references or current literature. That expands the skill from user-supplied writing assistance into autonomous external information retrieval, which can introduce untrusted content, hallucinated citations if browsing is unavailable or partial, and behavior beyond the narrowly scoped thesis-introduction function. In this context the risk is moderate rather than severe because the domain is academic writing, but it still creates unnecessary data-flow and scope-expansion risk.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.