Back to skill

Security audit

Content Summarizer

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward URL/text summarizer, but users should avoid using it on private content because it saves extracted text locally and prepares prompts for external AI use.

Install only if you are comfortable with a CLI tool that fetches URLs you provide and writes summary files locally. Use it for public or shareable content, change OUTPUT_DIR for sensitive work, clean up generated files when done, and review extracted text before copying the AI prompt into another service.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Medium
Confidence
80% confidence
Finding
The skill is framed as applicable to 'any URL' and 'any URL or raw text' without scoping, trust boundaries, or trigger constraints. In an agent environment, such broad invocation language can encourage unbounded fetching of attacker-controlled resources, internal endpoints, or sensitive content, making misuse and unsafe automation more likely.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The documentation instructs users to fetch arbitrary URLs and save results under `/tmp` without clearly warning about network access, third-party data retrieval, or local file creation. That omission can lead users or orchestrating agents to invoke the skill in contexts where network egress, untrusted content ingestion, and disk writes are unexpected, increasing the chance of SSRF-style misuse, privacy issues, or unsafe local artifact handling.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The script persists user-supplied content to /tmp and later embeds the full original text in the generated markdown file, which can expose sensitive input beyond the current session. In multi-user or shared environments, temporary-directory storage and lack of explicit consent increase the risk of unintended disclosure through local access, backups, logs, or later reuse of the file.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The script embeds fetched article text and the source URL directly into an 'AI Enhancement Prompt' intended for use with an external AI agent, but provides no warning that third-party content may be forwarded outside the local environment. This creates a real data-sharing risk: users may unknowingly paste sensitive or licensed content, internal URLs, or access-controlled material into an external model, causing confidentiality, privacy, or compliance issues.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.