Document to Mindmap

Security checks across static analysis, malware telemetry, and agentic risk

Overview

The skill’s main mind-map function is coherent, but it adds mandatory remote update checks and agent-run self-updating from GitHub that users should review before installing.

Install only if you are comfortable uploading document-derived Markdown to ProcessOn and with the skill checking GitHub for updates before use. Prefer manual or platform-mediated updates instead of letting the agent run the force-update command, and avoid using cleanup flags on files you did not create specifically for this run.

SkillSpector (5)

By NVIDIA

Description-Behavior Mismatch

High

Confidence: 98% confidence
Finding: The skill makes remote version checking and update gating mandatory before performing its core summarization task, even though that behavior is unrelated to converting documents into mind maps. This creates an unnecessary external control point where remote content can interrupt normal operation and influence agent behavior, increasing the risk of supply-chain abuse or coerced upgrade flows.

Context-Inappropriate Capability

High

Confidence: 99% confidence
Finding: The skill instructs the agent to run shell commands and install/update code directly from GitHub via npx, which is far beyond what is needed for document summarization. Executing remotely sourced installation commands exposes the environment to supply-chain compromise, arbitrary code execution, and persistence risks if the upstream repository or dependency chain is tampered with.

Context-Inappropriate Capability

Medium

Confidence: 90% confidence
Finding: The skill directs the agent to submit user-provided or extracted document content to a cloud service, which can expose sensitive text from PDFs, reports, meeting notes, or images to an external party. While cloud rendering may be part of the product design, the manifest does not clearly foreground this data egress or require explicit consent at the moment of transmission.

Missing User Warnings

Medium

Confidence: 97% confidence
Finding: The client sends the full markdown content to an external ProcessOn API endpoint over the network, but this file does not provide any explicit user-facing disclosure, confirmation, or redaction safeguards before transmission. In a document-processing skill, users may provide sensitive notes, reports, meeting minutes, or internal documents, so silent outbound transfer creates a real confidentiality and privacy risk even if the destination service is legitimate.

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: The script can delete a user-specified markdown file after processing when --cleanup-markdown-file is used, and it may also auto-delete files from temp or .agents/cache paths. Although intended as cleanup behavior, deletion of user-controlled input files can cause unintended data loss if users misunderstand the flag or if a valuable file resides in a path classified as temporary/cache.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal