paper-architecture-diagram

Security checks across malware telemetry and agentic risk

Overview

This instruction-only skill does what it says: uploads a named local paper to Gemini, extracts diagram prompts, and saves them to a local text file, with the main risk being an overwrite of that output file.

Install only if you are comfortable uploading the selected PDF to Gemini, using the currently signed-in Gemini account, and replacing any existing file at /home/xie/桌面/analysis/{{paper_name}}.txt. Use a simple paper_name value without path separators.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 96% confidence
Finding: The skill explicitly instructs the agent to overwrite a local file at a fixed path and frames successful file writing as the only valid completion condition. This creates a real integrity risk because it can modify or destroy existing local data without any user confirmation, conflict check, backup, or warning about overwrite behavior.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal