Tech Roadmap Generator (10 Templates)

Security checks across malware telemetry and agentic risk

Overview

This skill is a local academic roadmap generator with low security risk, though some templates may add unexpected attribution text to diagrams.

Install only if you want a local diagram-generation helper. Review generated diagrams before sharing them, especially templates 24 and 27, because the generator can insert unrelated attribution text into the visible output. Choose an output path that will not overwrite important files.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 80% confidence
Finding: The trigger phrases include broad everyday terms such as '路线图' and '做路线图', which can cause the skill to activate in contexts the user did not intend. Overbroad activation is risky because it may lead the agent to solicit files, process content, or create artifacts unexpectedly, especially in conversations where those terms are used casually.

Missing User Warnings

Medium

Confidence: 84% confidence
Finding: The skill specifies saving generated files and delivering attachments, but does not clearly warn users that local/output file writes and attachment creation will occur. This is dangerous because silent artifact creation can expose sensitive content in saved files, create unexpected persistence, or surprise users with data handling they did not explicitly approve.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal