Doc Factory

Security checks across malware telemetry and agentic risk

Overview

This is a small instruction-only skill for making PDFs and posting them between Discord channels, with the posting behavior disclosed and no hidden installer or persistence found.

Install this only if you want the agent to create PDFs and post files/messages into Discord channels. Before use, confirm the exact destination channel, source channel, and document contents, and keep the Discord bot or account limited to the channels where this workflow is intended.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 90% confidence
Finding: The manifest description includes broad trigger phrases such as '문서 만들어줘', 'PDF 만들어줘', and '리스트 정리해줘', which can cause the skill to activate for a wide range of loosely related requests. Because this skill performs side effects in Discord by generating documents and posting cross-channel links, overbroad activation increases the risk of unintended data disclosure or actions in the wrong context.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill description explains that it will upload generated documents to a target Discord channel and post reciprocal channel links, but it does not warn users that content will be published across channels. In a multi-channel environment, this can expose sensitive document contents, workflow metadata, or channel relationships to unintended audiences if the user does not realize the skill performs cross-channel posting.

VirusTotal

56/56 vendors flagged this skill as clean.

View on VirusTotal