Security audit

Probe First Research

Security checks across malware telemetry and agentic risk

Overview

This is a coherent web-research workflow skill. Its local note-writing behavior is worth noticing, but it is consistent with long research sessions and is disclosed in the artifact.

Install this if you want a structured research workflow. For sensitive topics, be aware that long or multi-agent runs may create a local research-state.md-style file with notes and sources; delete or restrict that file if you do not want research details retained.

SkillSpector (by NVIDIA)

Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (4)

Context-Inappropriate Capability

Severity: Medium
Confidence: 91%
Finding: The skill instructs persistent file writes of intermediate research state even though this is not necessary for basic probe-first research. This can retain sensitive user queries, URLs, notes, and derived findings on disk, increasing exposure through later reuse, unintended disclosure, or cross-task access.

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding: Automatically creating a working file without a user-facing warning introduces hidden persistence. Users may reasonably expect a research assistant to be ephemeral; silent file creation can store sensitive research topics or personal/business context and make that information available beyond the immediate interaction.

Ssd 3

Severity: Medium
Confidence: 88%
Finding: Proactively scanning conversation history and referenced files for prior research expands collection beyond the user's immediate request and can pull in unrelated sensitive context. This creates unnecessary data access and increases the chance of using or resurfacing private information that the user did not intend to include in the current task.

Ssd 3

Severity: Medium
Confidence: 93%
Finding: Persisting intermediate research state to disk can store sensitive user-provided content and later reintroduce it in future sessions or contexts. The danger is amplified because research sessions may involve proprietary plans, personal topics, or regulated information, and the persistence is framed as automatic recovery behavior.

VirusTotal

64/64 vendors flagged this skill as clean.