Back to skill

Security audit

Game Asset Generation Cellcog

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward CellCog game-asset helper; its main risk is that prompts and project details may be sent to an external service.

Before installing, treat CellCog prompts like submissions to an external AI service. Avoid sending secrets, unreleased proprietary material, regulated data, or client-owned assets unless you are allowed to share them with CellCog.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill instructs users to send arbitrary prompts and potentially project-specific game design details to CellCog, an external service, but does not clearly disclose this data transfer or its privacy implications. Users may unknowingly transmit proprietary assets, unreleased game concepts, internal design docs, or other sensitive information outside their environment, creating confidentiality and compliance risk.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.