Back to skill

Security audit

brainstorming

Security checks across malware telemetry and agentic risk

Overview

This is a brainstorming helper, but it broadly forces itself into creative work and tells the agent to write and git-commit design documents without clear user approval.

Review before installing. Use it only if you are comfortable with a skill that can steer broad creative tasks and create repository commits; ideally edit it to require explicit approval before writing files or running any git add/commit action.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Description-Behavior Mismatch

Medium
Confidence
92% confidence
Finding
The skill is presented as a brainstorming/design aid, but its instructions expand into repository-modifying actions such as writing files and committing to git. This creates a scope mismatch that can mislead users or orchestration systems into granting a low-risk planning skill permissions or automatic invocation paths that result in unintended state changes.

Description-Behavior Mismatch

Low
Confidence
84% confidence
Finding
The documented workflow extends beyond design exploration into implementation setup, including worktree creation and plan generation. While not overtly malicious, this broadening increases the chance that a planning-only skill is invoked in contexts where downstream operational actions are unexpected or insufficiently reviewed.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The trigger language says the skill 'MUST' be used before any creative work, which is extremely broad and can cause unnecessary or automatic invocation in many benign workflows. Overbroad mandatory triggers increase the attack surface for prompt steering and may force users or agents into a scripted process even when inappropriate, reducing user control and potentially cascading into file or repo modifications later in the skill.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill instructs the agent to write a design document and commit it to git without any explicit user-facing warning or confirmation step. In an agent environment, silent repository modification is dangerous because it can create unwanted files, pollute commit history, and persist model-generated content without informed consent.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.