Document Formatting Automation Helper

Security checks across malware telemetry and agentic risk

Overview

This is a low-risk, instruction-only document-formatting helper, though its demand evidence and trigger wording are sloppy and broader than ideal.

Install only if you want a general document-formatting workflow helper. Expect possible over-triggering on broad productivity or automation requests, and treat its demand-score/evidence claims as unreliable rather than as proof of popularity or need.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (13)

Intent-Code Divergence

Medium (96% confidence)
Finding
The README claims validated demand for document-formatting automation, but the cited evidence is mostly unrelated to that topic. This can mislead users or reviewers into trusting the skill's legitimacy and activation scope based on fabricated or irrelevant support, which weakens governance and can help low-quality or deceptive skills pass review.

Description-Behavior Mismatch

Medium (98% confidence)
Finding
The cited evidence largely consists of unrelated Stack Overflow, Software Engineering, and Superuser posts that do not substantiate the claimed demand for document-formatting automation. This weak provenance can be used to smuggle in or justify deployment of a skill under false pretenses, undermining review and trust decisions even if the file contains no direct code execution payload.

Vague Triggers

Medium (89% confidence)
Finding
The trigger sentences are broad and templated enough to overlap with normal user phrasing, increasing the chance that the skill activates in situations beyond its intended scope. Overbroad activation can cause inappropriate routing, unexpected instruction injection into unrelated conversations, or unintended reliance on the skill when the user did not explicitly choose it.

Vague Triggers

Medium (93% confidence)
Finding
The trigger phrases are broad, generic request patterns such as asking for help or a practical workflow, which can overlap with ordinary user speech and cause the skill to activate unintentionally. In an agent environment, over-broad activation increases the chance of the skill being invoked outside its intended scope, potentially steering unrelated conversations or introducing unauthorized workflow behavior.

Vague Triggers

Medium (91% confidence)
Finding
The skill description uses broad activation terms such as 'work-productivity' and 'needs a practical workflow, artifact, checklist, analysis, or implementation support,' which can match many unrelated user requests. Over-broad routing increases the chance this skill is invoked outside its intended scope, causing prompt hijacking of user intent, inappropriate task handling, or interference with more suitable skills.

Vague Triggers

Medium (94% confidence)
Finding
The keyword list includes generic triggers like 'work-productivity' and 'automation' without constraints tying them specifically to document-formatting workflows. Generic trigger tokens can cause accidental activation across a wide range of benign but unrelated tasks, expanding the skill's reach beyond its reviewed purpose and increasing misrouting risk.

Vague Triggers

Medium (89% confidence)
Finding
The example trigger phrases are written in very general, everyday language and effectively encourage activation from loosely related requests. Because examples often shape matching behavior and author expectations, broad examples can further normalize over-triggering and reduce confidence that the skill is selected only for document-formatting tasks.

Vague Triggers

Medium (90% confidence)
Finding
The skill description and usage conditions are broad enough to match many ordinary office-productivity requests, which can cause the agent to invoke this skill outside its intended scope. Over-broad activation increases the risk of prompt-routing errors, unintended handling of unrelated user data, and reduced predictability of agent behavior.

Vague Triggers

Medium (92% confidence)
Finding
The keyword list contains common, high-frequency terms like 'automation' and 'styles' without boundary constraints, making accidental or excessive triggering likely. In an agent system, this can cause inappropriate skill selection and broaden the attack surface for prompt injection through unrelated conversations.

Vague Triggers

Medium (88% confidence)
Finding
The example trigger phrases are highly generic and provide no counterexamples, which trains downstream routing behavior toward over-selection. This is dangerous because ambiguous examples often become de facto policy, leading the skill to activate for unrelated requests and potentially process content it should not handle.

Vague Triggers

Medium (85% confidence)
Finding
The default prompt is broad and generic enough to match ordinary productivity requests, which can cause the skill to be invoked in contexts the user did not clearly intend. Combined with allow_implicit_invocation: true, this increases the chance of overbroad activation and unintended influence over unrelated document or workflow tasks.

Vague Triggers

High (94% confidence)
Finding
The trigger sentence begins with a very broad phrase ('Help me') and then appends a truncated requirement description, making activation criteria overly permissive. In an agent system, this can cause the skill to trigger on many unrelated user requests, creating routing confusion, unintended handling, or skill shadowing over more appropriate tools.

Vague Triggers

Medium (95% confidence)
Finding
This trigger sentence is ambiguous and insufficiently scoped because it asks for 'a practical workflow' tied to a truncated generic requirement statement rather than a clearly bounded task. That ambiguity increases the chance of accidental invocation for adjacent productivity requests, reducing reliability and potentially exposing users to irrelevant or incorrect automation guidance.

VirusTotal

64/64 vendors flagged this skill as clean.
