Back to skill

Security audit

Article Review Platform

Security checks across malware telemetry and agentic risk

Overview

This article workflow skill appears legitimate, but it needs review because it teaches agents to create, update, publish, and delete live records without clear confirmation safeguards.

Install only if you are comfortable giving the agent authority over live article workflow records. Treat every create, update, publish, or delete example as a real production action unless you have verified a sandbox endpoint, and require explicit human confirmation before any write, publication, or deletion.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Context-Inappropriate Capability

Medium
Confidence
91% confidence
Finding
The skill exposes a DELETE operation for articles even though the documented workflow is review and publishing, not record destruction. In an agent setting, including an unnecessary destructive endpoint increases the chance of accidental or unauthorized deletion through mis-triggering, prompt confusion, or overbroad tool use.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The trigger phrases include broad generic terms such as 'review', '平台API', and '发布文章', which can cause the skill to activate in unrelated conversations. Because this skill includes state-changing operations, unintended invocation raises the risk of accidental reads, updates, or destructive actions.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill documents multiple state-changing operations, including POST, PUT, and DELETE, without explicit warnings or confirmation requirements. In an autonomous or semi-autonomous agent workflow, this makes accidental status changes, publishing actions, log writes, or deletions more likely, especially when combined with broad triggers.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The document provides direct instructions to change article workflow state and push content to external platforms via API calls, but it does not warn the operator that these actions are state-changing and may trigger real publication. In an agent skill context, this increases the risk of unintended mass publishing, status corruption, or external side effects if the guidance is followed automatically or without explicit confirmation.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The reviewer guide includes direct HTTP PUT commands that mutate article state and review_round values, but it does not warn the operator that these actions modify live backend data. In an agent-skill context, this is dangerous because an automated agent may execute the commands as procedural guidance, causing unintended workflow transitions or state corruption without explicit user confirmation.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The skill provides a ready-to-run POST request that creates article records and transmits potentially sensitive local metadata such as project_path, but it does not warn the user that this mutates backend state or may disclose filesystem information. In an agent setting, such instructions can lead to unintended writes and metadata exfiltration if followed automatically or without explicit user confirmation.

Missing User Warnings

Low
Confidence
84% confidence
Finding
The PUT example changes persisted article workflow state, but the documentation does not clearly warn that it modifies stored records. In an automated or semi-automated agent workflow, this can cause accidental state transitions that disrupt review and publishing processes.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal

Static analysis

No suspicious patterns detected.