Security audit

report-writing-skills

Security checks across malware telemetry and agentic risk

Overview

This skill is not malware-like, but it overstates its abilities and can make users believe real logins, downloads, and PDF reports happened when the scripts mostly simulate them.

Install only if you treat it as a prototype or demo workflow. Do not rely on its generated reports as evidence that source reports were downloaded or reviewed, and avoid providing valuable site credentials unless the skill is updated to perform real scoped authentication, verified downloads, and truthful output-format reporting.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (7)

Intent-Code Divergence

Medium

Confidence: 95% confidence
Finding: The script prints success messages for website authentication and report downloading even though it only simulates those actions and writes placeholder metadata. This is a deceptive automation/integrity issue because downstream users or agents may rely on fabricated execution status and believe authenticated access or data acquisition actually occurred.

Intent-Code Divergence

Medium

Confidence: 92% confidence
Finding: The module docstring advertises a complete automated research workflow, but the implementation mainly uses hard-coded data and generated report text. In an agent skill context, this misrepresentation can cause users or orchestrators to trust fabricated analysis outputs as if they were derived from real external research.

Intent-Code Divergence

Medium

Confidence: 94% confidence
Finding: The workflow claims to download reports, asks the user for a save location, and displays download progress, but never performs any network retrieval or writes downloaded report files. This is a deceptive implementation that can mislead downstream agents or users into believing source material was collected and preserved when no such evidence exists, undermining traceability and decision-making.

Intent-Code Divergence

Medium

Confidence: 96% confidence
Finding: The code presents the generated artifact as a PDF report, constructs a .pdf path, and announces PDF generation, but actually writes a Markdown file by replacing the extension before saving. This mismatch can cause users or other automation to trust an output format that was never produced, leading to failed processing chains, misdelivery, or improper handling of the report.

Intent-Code Divergence

Low

Confidence: 87% confidence
Finding: The login function accepts a URL, username, and password and reports successful authentication after a delay without performing any authentication. In an automation skill, this can mislead callers into assuming access controls were validated, causing subsequent steps to operate on false trust assumptions and potentially exposing workflows that depend on authenticated state.

Intent-Code Divergence

Low

Confidence: 86% confidence
Finding: The search function claims to search content by keyword and date range but only prints success and returns an empty list. This creates a false assurance that discovery occurred, which is especially risky in a research/reporting workflow because reports may be generated from nonexistent or incomplete source inputs.

Missing User Warnings

Low

Confidence: 88% confidence
Finding: The skill explicitly states it will download content to a local directory and save generated PDF files, but it does not clearly disclose the local system impact, permission expectations, or guardrails around where files will be written. This can lead to unintended file creation or overwriting on the user's machine, especially because the workflow defaults to desktop storage and involves automated downloads from a remote site.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.