Markdown Lint

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward Markdown lint setup helper, but it can rewrite Markdown files and install a commit hook when the user runs its documented commands.

Install this only in repositories where you want markdownlint rules and a pre-commit hook. Before running the batch-fix commands, start from a clean git state, preview the file list, and review the diff afterward; the hook may block commits until Markdown files pass the configured checks.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 90% confidence
Finding: The skill includes a batch rewrite loop that overwrites repository files in place using awk and mv. Although the goal is legitimate, the instructions automate destructive edits across many files without a prominent warning to review changes, back up work, or use version control safeguards, which increases the risk of accidental data loss or unintended repository-wide modifications.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal