Back to skill

Security audit

GPT Web Chat Skill

Security checks across malware telemetry and agentic risk

Overview

The skill is aimed at ChatGPT browser automation, but it asks for broad local command authority and persistent browser-session handling while shipping only instructions, not the runtime scripts it tells the agent to run.

Review before installing. This skill is not clearly self-contained: it tells the agent to run local scripts that are not in the package, and it is designed to reuse a browser login session and send content to ChatGPT. Only use it in a workspace where you trust the referenced scripts and are comfortable with persistent ChatGPT browser automation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
79% confidence
Finding
The skill description includes trigger examples such as '帮我问 ChatGPT', '用 GPT 回答', and '把这段话发给 ChatGPT', which are broad phrases likely to occur in ordinary conversation. This can cause the skill to activate unexpectedly and route user content into browser automation against chatgpt.com without sufficiently explicit user intent, increasing the chance of unintended data disclosure or unintended external actions.

Natural-Language Policy Violations

Medium
Confidence
72% confidence
Finding
The skill metadata and description are written in Chinese and present examples only in Chinese, which can bias activation and responses toward a specific language without explicit user opt-in. This is primarily a safety and UX issue: it can cause misunderstandings about what the skill will do and may lead users to trigger external automation without fully understanding the action.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal

Static analysis

No suspicious patterns detected.