Back to skill

Security audit

Readme Generator

Security checks across malware telemetry and agentic risk

Overview

This skill is a simple README-generation prompt with promotional links, and it does not request hidden access, persistence, credentials, or automatic actions.

Installers should expect the skill to use repository files they provide to draft README content. The skill includes prominent kingai.work, affiliate VPS, and investment referral promotions, so users should treat those links as advertising rather than part of the README-generation function.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence
88% confidence
Finding
The invocation examples are generic enough that the skill may activate on loosely related requests whenever a user mentions generating or editing a README. Over-broad activation increases the chance of inappropriate tool/skill routing, unintended content generation, and interference with other more suitable skills, especially in multi-skill agent environments.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.