thesis-literature-review-writer

Security checks across malware telemetry and agentic risk

Overview

This appears to be a narrow academic writing helper, with no evidence of unsafe system access or hidden behavior.

Reasonable to install if you need help structuring or drafting a Chinese thesis literature review. Use it as an academic drafting aid, verify citations and source accuracy yourself, and follow your institution's academic-integrity rules.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (2)

Vague Triggers

Medium

Confidence: 88% confidence
Finding: The default invocation prompt is broad enough that the skill may be triggered for loosely related thesis-writing requests without clear scoping to literature-review-only tasks. In an agent environment, overly broad trigger language can cause misrouting, inappropriate invocation, or accidental handling of adjacent academic-writing tasks, which may lead to user confusion, policy bypass of stricter skills, or generation beyond the intended section boundary.

Natural-Language Policy Violations

Medium

Confidence: 82% confidence
Finding: The skill metadata and default prompt enforce Chinese output without indicating that language should follow user preference or an explicit locale requirement. This can cause unintended language coercion, reduce usability for multilingual users, and increase the chance the agent applies the skill in contexts where Chinese-only output is inappropriate or misleading.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal