Security audit

Deep Reading (Zettelkasten)

Security checks across malware telemetry and agentic risk

Overview

This is a coherent deep-reading note workflow that creates and links Markdown notes in a knowledge vault, with no evidence of credential use, exfiltration, destructive commands, or hidden execution.

Install this only if you want an agent to write, move, and cross-link Markdown notes in your knowledge vault. Confirm the daily and index paths before running it, review any companion skills it calls, and keep backups or inspect diffs when it edits existing index notes.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Description-Behavior Mismatch

Medium
Confidence: 93%
Finding
The skill goes beyond producing deep-reading notes and explicitly directs the agent to create folders, move files, and modify existing index notes across the broader knowledge base. That scope expansion increases the blast radius from a single task artifact to cross-repository state changes, creating risk of unintended overwrites, incorrect link insertion, and unauthorized modification of unrelated notes.

Description-Behavior Mismatch

Low
Confidence: 88%
Finding
The skill mandates invoking other skills such as structure-note and index-note, introducing orchestration behavior not declared in the manifest. Hidden delegation widens execution scope and can transitively inherit unsafe behavior, permissions, or side effects from referenced skills without the caller realizing it.

Description-Behavior Mismatch

Medium
Confidence: 91%
Finding
The mandatory workflow-audit phase forces execution of another skill and creation of an additional audit report unrelated to the core reading output. This expands the task into secondary automation and extra file generation, increasing opportunities for unexpected writes, chained side effects, and privilege creep through transitive skill calls.

VirusTotal

66/66 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.