Back to skill

Security audit

Pdf Document Generation Cellcog

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent CellCog document-generation helper, but users should understand that document prompts and contents may go to an external service.

Before installing, treat CellCog as an external document-generation provider: do not submit secrets, regulated data, confidential client material, or sensitive legal/financial details unless you are comfortable sending them to that service. Legal, finance, privacy-policy, and contract outputs should be reviewed by qualified professionals before use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill instructs users to send prompts and potentially sensitive document content to CellCog and notes the need for a CELLCOG_API_KEY, but it does not clearly warn that all supplied content is transmitted to an external third-party service. For a document-generation skill covering resumes, contracts, invoices, and legal materials, this omission can cause users to unknowingly disclose personal, financial, or confidential business data.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The skill promotes generation of contracts, NDAs, terms of service, privacy policies, and other legal/finance documents without warning that outputs may be inaccurate, incomplete, or unsuitable for a user's jurisdiction. Users may rely on these documents as authoritative, leading to legal, compliance, or financial harm if the generated content is flawed.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.