Auteng Docs Curl Publish

Security checks across malware telemetry and agentic risk

Overview

This skill appears benign: it only shows curl commands to publish user-chosen markdown to AutEng and return a shareable link, so the main risk is accidental upload of sensitive content.

Install only if you are comfortable sending the markdown you choose to AutEng for hosted rendering and link sharing. Avoid publishing secrets, credentials, private notes, proprietary documents, internal diagrams, regulated data, or personal information unless you intend that content to leave your environment; use an expiration when appropriate.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (3)

Missing User Warnings

Medium

Confidence: 96% confidence
Finding: The skill instructs users to POST arbitrary markdown to an external AutEng endpoint but does not clearly warn that the full document content will be transmitted off-platform to a third-party service. This creates a real risk of unintended disclosure of sensitive or proprietary data because users may paste internal documentation, credentials, architecture details, or other confidential content into the request without informed consent.

External Transmission

Medium

Category: Data Exfiltration
Content: description: Publish markdown and return share links using curl. Support markdown with mermaid diagrams such as component diagrams, flowcharts, and sequence diagrams. Also supports KaTex and code blocks. AutEng will return a shareable link to the published rendered document. --- # AutEng Docs Curl Publish Use this endpoint:
Confidence: 93% confidence
Finding: Curl Publish Use this endpoint: `https://auteng.ai/api/tools/docs/publish-markdown/` Send JSON with: - `markdown` (required) - `title` (optional) - `expires_hours` (optional) Use this command to

External Transmission

Medium

Category: Data Exfiltration
Content: Extract a compact success payload: ```bash curl -sS -X POST "https://auteng.ai/api/tools/docs/publish-markdown/" \ -H "Content-Type: application/json" \ -d '{"markdown":"# Hello\n\nPublished from curl."}' \ | jq '{title, share_url, expires_at}'
Confidence: 91% confidence
Finding: curl -sS -X POST "https://auteng.ai/api/tools/docs/publish-markdown/" \ -H "Content-Type: application/json" \ -d

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal