Back to skill

Security audit

AgentYMLgenerator

Security checks across malware telemetry and agentic risk

Overview

This skill is an instruction-only helper for turning business process text into Dify workflow YAML, with no executable code or hidden system access found.

Install this only if you want the agent to proactively convert SOPs or business-process descriptions into Dify YAML. Be careful pasting confidential operational documents, and review the generated YAML before importing it into Dify.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence
88% confidence
Finding
The skill is configured to trigger on very broad inputs, including cases where a user merely describes a business process or pastes an SOP. In an agent environment, this can cause over-invocation, leading the system to prematurely transform sensitive operational text into executable workflow artifacts, increasing the risk of unintended automation, prompt-scope hijacking, or mishandling of confidential process content.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.