Article Analyzer

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward article-analysis prompt that opens user-provided article links and optionally saves the resulting report to Feishu when the user asks.

Install this if you are comfortable with the agent opening article links you provide. Avoid private, internal, or sensitive URLs, and review the generated analysis before asking it to create a Feishu document because that will store the report outside the chat.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (2)

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The skill instructs the agent to fetch arbitrary user-supplied web and WeChat links, including use of a browser path specifically to bypass anti-scraping friction, without any privacy notice or trust boundary explanation. This can cause the system to transmit user-provided URLs and potentially sensitive query tokens to external sites or embedded third parties, creating privacy, tracking, and unintended data-handling risk.

Missing User Warnings

Medium

Confidence: 96% confidence
Finding: The skill can create a Feishu document containing the analysis report, but it does not warn the user that fetched article content and derived analysis may be written to an external document service. This creates a clear data egress path where copyrighted, sensitive, or user-provided content could be stored or shared outside the chat context without informed consent.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal