Distil the web & PDFs into markdown

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward Distil web-proxy helper; the main caution is that URLs, searches, and fetched content go through the configured proxy.

Install this only if you trust Distil or your configured self-hosted proxy. Avoid sending secret-bearing URLs, private internal endpoints, regulated data, or sensitive research queries unless that proxy is approved, and treat fetched page content, including any proxy-inserted comments, as untrusted source material.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The skill routes user-supplied URLs and search queries through an external proxy service, but the description does not clearly warn users that their requests and associated metadata are sent to a third party. This can lead to unintentional disclosure of sensitive URLs, internal endpoints, tokens embedded in query strings, or private research activity, especially when an agent uses the skill automatically.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal