Security audit

Taku Plan

Security checks across malware telemetry and agentic risk

Overview

This planning skill appears useful and not malicious, but it can modify project planning files from broad review prompts with unclear write boundaries.

Install only if you want this skill to actively participate in planning and design reviews, not just comment on them. Before using it, treat prompts like design review or plan review as potentially file-changing, check diffs to DESIGN.md and PLAN.md, and ask the agent to produce a dry-run review unless you explicitly want repository files updated.

SkillSpector (by NVIDIA)

Vulnerability patterns checked:
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Description-Behavior Mismatch

Severity: Medium
Confidence: 94%
Finding: The skill goes beyond evaluation and directs the agent to modify project artifacts by appending a section to DESIGN.md and incorporating fixes into implementation materials. That expands authority from analysis into state-changing behavior, which can cause unauthorized edits, overwrite user intent, or silently alter project scope without explicit approval.

Intent-Code Divergence

Severity: Medium
Confidence: 91%
Finding: The instructions conflict about where design review results belong: they say not to put output in PLAN.md, but also say fixes are written into the plan. Ambiguous write targets are dangerous because an agent may resolve the contradiction unpredictably, producing incorrect or duplicated changes in sensitive planning artifacts.

Vague Triggers

Severity: Medium
Confidence: 89%
Finding: The skill advertises multiple broad natural-language triggers such as "plan this," "review this plan," and "what could go wrong," which are common phrases that may appear in unrelated conversations. In an agent environment, this can cause unintended invocation of the planning pipeline, leading to unnecessary file reads/writes (for example DESIGN.md or PLAN.md) and potentially disruptive autonomous behavior when the user did not explicitly intend to run this skill.

Vague Triggers

Severity: Medium
Confidence: 86%
Finding: The trigger phrase "does this look good" is broad and conversational, making accidental invocation likely in normal discussion. Overbroad triggers can cause the wrong skill to run, leading to unsolicited critique or file-modifying behavior if paired with write instructions elsewhere in the skill.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding: The skill instructs appending to DESIGN.md without clearly warning that it will modify a project file. Hidden or undeclared write behavior is risky because users may invoke what appears to be a review-only skill and unintentionally authorize persistent changes to repository content.

Vague Triggers

Severity: Medium
Confidence: 87%
Finding: The trigger list includes broad natural-language phrases such as "review this plan" and "what could go wrong," plus an ambiguous phase-based auto-activation condition. In an agent environment, overly generic triggers can cause the skill to activate in unintended contexts, leading to incorrect file modifications (for example appending to DESIGN.md) or interfering with other workflows without explicit user intent.

VirusTotal

62/62 vendors flagged this skill as clean.
Static analysis

No suspicious patterns detected.