Technical Documentation Translator

Security checks across malware telemetry and agentic risk

Overview

This translation skill is coherent and purpose-aligned, but users should be aware it writes translated output files directly.

Install only if you are comfortable with the skill creating translation files in the source or current directory. Before using it on important folders, check the proposed output name and avoid paths where an existing file could be overwritten.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill mandates writing translated content directly to a file in the source or current directory, but provides no requirement for explicit user confirmation, safe-path validation, or overwrite protection. In an agent setting, this can cause unintended filesystem modification, clobber existing files, or write attacker-influenced content to sensitive locations if a path is supplied by the user.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal