Thoth Pro

Security checks across malware telemetry and agentic risk

Overview

This documentation skill is mostly purpose-aligned, but it needs Review because it prints project source and git history and enables source-file docstring injection by default.

Install only if you are comfortable letting the skill read the target repository, expose selected source snippets and git history to the agent session/logs, and potentially modify Python files. Set INJECT_DOCSTRINGS=no and GENERATE_CHANGELOG=no unless you explicitly want those behaviors, and run it on a copy or clean working tree.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Context-Inappropriate Capability

Medium
Confidence: 96%
Finding
The skill reads up to 5,000 bytes from as many as 30 source files and prints them to stdout, then also prints recent git history. This broad exfiltration of project contents is not strictly necessary for local documentation generation and can expose proprietary code, embedded secrets, internal comments, or sensitive commit metadata to the agent runtime, logs, or other downstream systems.

Vague Triggers

Medium
Confidence: 84%
Finding
The skill description advertises broad 'full auto-documentation' behavior without clear trigger constraints, scope limits, or safety boundaries. Overly broad activation increases the chance the skill is invoked in contexts where users do not expect full repository scanning, git inspection, or source modification.

Missing User Warnings

High
Confidence: 95%
Finding
The skill markets docstring injection but does not provide a clear upfront warning that it may modify source files. In an agentic environment, silent or poorly disclosed code modification can cause integrity issues, unexpected diffs, broken formatting, or unreviewed changes to production code.

Missing User Warnings

Medium
Confidence: 97%
Finding
The skill reads and prints source file contents and git history but does not clearly warn users about this privacy-sensitive behavior. Because repositories often contain secrets, proprietary logic, and identifying commit metadata, undisclosed broad read/print behavior materially increases confidentiality risk.

VirusTotal

65/65 vendors flagged this skill as clean.
