Thoth

Security checks across malware telemetry and agentic risk

Overview

This documentation skill does what it advertises, but it broadly exposes source files to the agent/model context and installs a package in the system Python environment.

Install only for repositories you are comfortable exposing to the agent/model context. Review PROJECT_PATH first, remove secrets or sensitive files, use an isolated Python environment instead of system Python, and choose an OUTPUT_DIR where overwriting the three generated markdown files is acceptable.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Context-Inappropriate Capability

Severity: Medium
Confidence: 79%
Finding
The skill instructs installing a package with pip3 and uses --break-system-packages, which can modify the host Python environment in a risky way for a documentation workflow. Unnecessary dependency installation increases supply-chain exposure and can damage or destabilize the local system.

Vague Triggers

Severity: Medium
Confidence: 82%
Finding
The description says the skill reads your entire project and generates documentation, but it lacks clear trigger constraints, scope limits, or exclusions. Broad invocation language makes accidental use on sensitive repositories more likely and increases the chance of over-collection.

Missing User Warnings

Severity: High
Confidence: 95%
Finding
The skill description does not clearly warn that it will read and print project file contents into the model context. In this skill context, that omission is dangerous because source code, embedded secrets, proprietary logic, and metadata may be exposed to the model and reproduced in generated docs.

Missing User Warnings

Severity: Medium
Confidence: 87%
Finding
The skill directs the agent to save generated files to disk without a prominent user-facing warning at the point of action. Silent writes can overwrite expected outputs, create documentation containing sensitive content, or leave persistent artifacts in unintended locations.

Ssd 3

Severity: Medium
Confidence: 98%
Finding
The skill explicitly prints up to 25 code files, symbol information, and metadata into prompt context for downstream document generation. This creates a direct natural-language data leakage path where secrets, internal code, proprietary implementations, or sensitive comments can be surfaced to the model and then written into output files.

VirusTotal

65/65 vendors flagged this skill as clean.
