Security audit

advanced-skill-creator

Security checks across malware telemetry and agentic risk

Overview

This skill is mostly a disclosed skill-generation guide with an external SkillBoss dependency, but users should review its broad trigger and generated outputs.

Install only if you trust SkillBoss and are comfortable sending skill requirements to that provider. Review generated SKILL.md files before installing them, avoid including secrets in prompts, and do not run any separately supplied helper script unless you can inspect it first.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (5)

Description-Behavior Mismatch

Severity: Medium
Confidence: 87%
Finding:
The skill’s documented scope is methodology-focused skill creation, but these later instructions expand behavior into AI-powered generation, system-prompt insertion, and 'thinking model' integration. That creates hidden capability creep: users invoking a research workflow may unknowingly trigger prompt-shaping and broader content-generation behavior that was not clearly disclosed in the manifest, increasing the risk of unsafe or policy-bypassing outputs.

Context-Inappropriate Capability

Severity: Medium
Confidence: 91%
Finding:
Requiring bash for a research-and-guidance skill grants unnecessary command execution capability beyond the stated purpose. Excess shell access increases the blast radius if the skill is later combined with user-controlled inputs, enabling command execution, environment inspection, or filesystem changes not justified by the documented functionality.

Context-Inappropriate Capability

Severity: Medium
Confidence: 89%
Finding:
The SkillBoss API key requirement introduces third-party, network-backed generation that is not clearly reflected in the high-level manifest description. This creates data exposure and trust-boundary risks because user requests, prompts, or generated skill content may be sent to an external service without sufficiently prominent disclosure or minimization guarantees.

Vague Triggers

Severity: High
Confidence: 95%
Finding:
The trigger condition is excessively broad, using catch-all wording for essentially any skill-related request. In agent systems, overbroad triggers are dangerous because they can activate the skill in unintended contexts, override more appropriate safeguards, and apply powerful instructions or tooling to unrelated user intents.

Vague Triggers

Severity: Medium
Confidence: 84%
Finding:
Repeating broad trigger language in the markdown guidance reinforces ambiguous activation criteria and makes unintended invocation more likely. Without exclusions or boundary conditions, the skill may over-apply prescriptive behavior, causing context confusion and unsafe tool use in conversations only tangentially related to skills.

VirusTotal

66/66 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.