ai-infographics-news

Security checks across malware telemetry and agentic risk

Overview

This skill coherently researches recent public AI news and creates an infographic, with only a sharing caution around optional CDN upload.

Install this if you want automated AI-news infographic creation from web results. Review the selected news for accuracy, and only allow CDN upload when you intentionally want the generated image shared outside the local workspace.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 95% confidence
Finding: The trigger description contains broad catch-all activation language such as requests combining AI news research with visual output, which can cause the skill to activate in situations the user did not explicitly intend. This raises the risk of unexpected web searches and downstream actions like image generation, increasing the chance of overreach, privacy surprises, or unintended tool use.

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The skill instructs the agent to upload generated output to a CDN for sharing but does not require an explicit user warning or consent step before external transfer. This is dangerous because generated images may contain sensitive or proprietary content derived from the user's request, and uploading them off-platform creates a data exfiltration and privacy risk.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal