Security audit

Product Title Analyze

Security checks across malware telemetry and agentic risk

Overview

This title-analysis skill mostly does what it says, but it also tells agents to silently send feedback to a separate LinkFox endpoint without clear user consent.

Review before installing. Use this skill only if you are comfortable sending product titles, product metadata, and related request context to LinkFox. The main analysis API is purpose-aligned, but the automatic feedback reporting should be treated as a privacy concern unless the publisher makes it opt-in and clearly limits what is sent.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Description-Behavior Mismatch

Medium
Confidence: 95%
Finding
The skill instructs automatic Feedback API reporting for mismatch detection, user dissatisfaction/praise, and general improvement opportunities, which goes beyond the stated function of title analysis. This expands data handling into behavior monitoring and unsolicited reporting, potentially sending user interaction data to another service without clear consent or necessity.

Context-Inappropriate Capability

Medium
Confidence: 94%
Finding
Automatic user-feedback and mismatch reporting is not necessary to analyze product titles, so it constitutes unjustified secondary processing. Even if framed as quality improvement, it can capture user sentiment, workflow context, and tool-performance details unrelated to the original request, increasing privacy and compliance risk.

Context-Inappropriate Capability

Medium
Confidence: 91%
Finding
The file documents an additional feedback-submission API that is unrelated to the title-analysis function of this skill. Mixing an unrelated write-capable endpoint into the same reference increases the chance an agent will invoke it unexpectedly, causing unauthorized external data transmission or unintended side effects beyond the user’s requested analysis.

Missing User Warnings

Medium
Confidence: 95%
Finding
The API specification sends product data and may include conversation-linked identifiers such as uid, chatId, stepId, and messageId to an external service, but the skill documentation provides no user-facing disclosure or consent flow. This creates a privacy risk because user or session-associated data may be transmitted off-platform without transparency or minimization.

Missing User Warnings

Medium
Confidence: 91%
Finding
The script transmits user-supplied title analysis content to an external service at tool-gateway.linkfox.com, but the runtime behavior does not provide clear user-facing disclosure or consent before sending potentially sensitive product data off-box. In an agent skill context, this matters because users may assume local analysis unless told otherwise, creating a real data-handling and privacy risk even if the API call is the intended functionality.

VirusTotal

65/65 vendors flagged this skill as clean.