SDD Brainstorming

Security checks across malware telemetry and agentic risk

Overview

This design-planning skill is coherent and documentation-only, but it needs review because it automatically starts background image generation and writes project specs with limited user control.

Install only if you want a Chinese-language SDD brainstorming workflow that reads project context and writes spec files. Review the background /gen-image step first, because it may create files, incur cost, or send project/design details to an image-generation tool without a separate approval or image-count limit.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Natural-Language Policy Violations

Medium, 92% confidence

Finding:
The skill hard-codes Chinese for both the design document and user-facing completion message without any language or locale negotiation. This can override explicit user preferences, reduce comprehension, and cause incorrect approvals or downstream mistakes when users or connected tools expect another language.

Natural-Language Policy Violations

Medium, 89% confidence

Finding:
The metadata and core principles describe a mandatory Chinese-only workflow, indicating the restriction is systemic rather than incidental. In a multi-user or multilingual environment, this can lead to misunderstood requirements, inaccessible outputs, and policy noncompliance where language choice or accessibility is required.

VirusTotal

57/57 vendors flagged this skill as clean.
