Security audit

SDD Global Init

Security checks across malware telemetry and agentic risk

Overview

This skill does what it says: it initializes an SDD workspace by scanning a user-selected project, writing documentation, and optionally generating diagram images, with no hidden installer or destructive behavior found.

Install this only if you want a skill to inspect a chosen workspace and create SDD documentation under spec/global. Review the generated outline carefully before confirming, avoid selecting a workspace that contains unrelated private projects, and be aware that image prompts derived from your project may be passed to /gen-image.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (4)

Missing User Warnings

Severity: Medium
Confidence: 96%
Finding
The skill instructs the agent to scan the selected workspace and then create multiple directories and files under that workspace, but it does not present a clear up-front warning about the breadth of the scan or the extent of filesystem writes before proceeding. This weakens informed consent and can cause unintended disclosure of project contents into generated documentation or unintended modification of a user-selected directory, especially because the workspace may contain multiple projects.

Missing User Warnings

Severity: Medium
Confidence: 97%
Finding
The image-generation phase forwards descriptions derived from scanned project content to another skill/service without any privacy or data-handling disclosure. Even if only summaries are sent, those prompts can still expose sensitive architecture, feature names, integrations, or internal terminology from private codebases to a downstream component or external model-backed service.

Natural-Language Policy Violations

Severity: Medium
Confidence: 91%
Finding
Mandating Chinese-only output without user choice is a policy and usability issue because it may cause the agent to ignore the user's preferred language and reduce the user's ability to review sensitive generated content accurately. In security-sensitive workflows, forcing an unexpected language can impair informed review and increase the chance that risky actions or disclosures are misunderstood.

Natural-Language Policy Violations

Severity: Medium
Confidence: 93%
Finding
The rules enforce Chinese for all user-facing messages and generated documents, again removing user language choice. While this is not a classic exploit path, it creates avoidable safety and consent risk because users may misinterpret scan scope, write operations, or data-sharing behavior if the output language is not under their control.

VirusTotal

65/65 vendors flagged this skill as clean.