Batch Processor 1.0.0

Security checks across malware telemetry and agentic risk

Overview

This is a transparent batch document-processing skill, but users should be careful because it can modify many files at once.

Use this skill only on clearly scoped folders, preferably copies or backed-up files. Start with a small sample, ask for a dry run or preview before renames and mass edits, and use a virtual environment for the optional Python packages.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 90% confidence
Finding: The skill’s activation and usage instructions are broad enough to encourage handling arbitrary bulk file operations without clear scope limits, confirmation requirements, or safety boundaries. In a skill with file_operations, code_execution, and computer tool access, this increases the chance of unintended mass modification, deletion, or transformation of user data from ambiguous prompts.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill promotes bulk processing and includes examples like batch rename, organize, and mass update operations, but it provides no warning about the risks of large-scale file modification. In this context, absent safety messaging can lead users or agents to perform irreversible actions across many files without backups, previews, or explicit approval, amplifying the impact of mistakes.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal