Back to skill

Security audit

Write A Prd

Security checks across malware telemetry and agentic risk

Overview

This instruction-only PRD skill is mostly coherent, but it can inspect a repository and publish the PRD as a GitHub issue without an explicit final approval step.

Install only if you are comfortable with the agent reading the relevant repository and potentially creating a GitHub issue. Before use, tell the agent to limit codebase exploration to specific areas and require your explicit approval of the repository, title, and full issue body before anything is posted.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
90% confidence
Finding
The skill description and trigger language are broad enough to activate on generic planning or feature-design requests, which can cause the agent to enter an expansive repo-exploration and PRD-authoring workflow when the user may not have intended that level of action. In context, this is more dangerous because the skill also directs repository exploration and eventual GitHub issue submission, so an overly loose match can lead to unintended analysis of local code and preparation of an external side effect.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill instructs the agent to submit the finished PRD as a GitHub issue but does not require explicit user confirmation immediately before taking that external action. This is dangerous because issue creation is a side effect that can publish internal plans, feature details, or sensitive implementation context to a repository, and the broad skill scope increases the chance that this happens from an ambiguous request.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.