Back to skill

Security audit

Markdown-UI DSL: Zero-Hallucination UI Generation

Security checks across malware telemetry and agentic risk

Overview

The skill is mostly a UI wireframing helper, but it also permits prompt-controlled file synchronization that can overwrite code or specs without confirmation.

Review carefully before installing. Use it for drafting UI specs and code only in version-controlled projects, avoid autonomous or force-sync wording on untrusted specs, and require a diff or explicit confirmation before allowing it to update linked component files.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Description-Behavior Mismatch

Medium
Confidence
92% confidence
Finding
The skill is presented as a wireframing DSL tool, but it also authorizes locating and modifying code/spec files through two-way sync. That expands its operational scope from content generation into filesystem-affecting actions, which can surprise users and downstream agents and create unsafe write behavior if the capability is invoked without strong safeguards.

Description-Behavior Mismatch

Medium
Confidence
89% confidence
Finding
The skill description emphasizes Markdown-UI wireframes, but the instructions also direct translation into concrete frontend frameworks and generation/updating of code files. This mismatch can cause an agent or user to invoke what appears to be a low-risk formatting skill when it actually performs higher-risk code transformation and file manipulation.

Intent-Code Divergence

Medium
Confidence
87% confidence
Finding
The instruction to 'ONLY output the Markdown-UI DSL' conflicts with later directives to translate to concrete code and generate component files. Contradictory instructions increase the chance that an agent follows the more dangerous branch inappropriately, especially in automated contexts where ambiguity can lead to unintended code output or writes.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill allows bypassing confirmation for file modifications based on broad natural-language phrases like 'autonomously', 'without confirmation', or 'force sync'. This is dangerous because such phrases may appear in ambiguous user prompts or be injected indirectly, leading the agent to perform destructive synchronization without a robust, deliberate authorization step.

Ssd 1

High
Confidence
97% confidence
Finding
A natural-language override that disables the default confirmation check materially weakens the main safety barrier before file sync and overwrite operations. In a skill that can treat specs or code as the source of truth and update the counterpart file, this creates a realistic path to unauthorized or accidental destructive edits across a project.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.