Back to skill

Security audit

Data Analysis

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real AnyGen data-analysis skill, but it can send user datasets to a remote service and tells the agent to install another skill without confirmation.

Review before installing. Use it only for datasets you are allowed to send to AnyGen, keep API keys out of chat logs, and do not allow the automatic installation of the extra anygen-workflow-generate skill unless you have reviewed and approved that dependency.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (4)

Description-Behavior Mismatch

Medium
Confidence
94% confidence
Finding
The skill metadata and description present this as a generic data-analysis capability, but the body discloses that processing happens server-side at AnyGen. That mismatch can cause users or calling agents to send potentially sensitive datasets off-device without informed consent, creating privacy and data-handling risk.

Context-Inappropriate Capability

Medium
Confidence
91% confidence
Finding
The skill includes authentication flows and remote service usage instructions, including browser login and API key handling, even though the skill framing suggests ordinary data analysis. This expands the trust boundary to an external service and increases the chance of credential misuse or unexpected external transmission of user data.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The trigger description is very broad, covering nearly any request involving analysis, charts, reports, or visualization. Overbroad activation increases the likelihood that the skill is invoked for sensitive datasets or contexts where the user did not intend third-party remote processing.

Missing User Warnings

High
Confidence
97% confidence
Finding
The skill states that analysis occurs server-side at www.anygen.io but does not provide a clear upfront warning in the skill description that user data will be transmitted to a remote service. This is dangerous because users may provide confidential business, financial, or personal data under the assumption of local analysis, causing unintended disclosure.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.