Back to skill

Security audit

product-rnd

Security checks across malware telemetry and agentic risk

Overview

This report-generation skill is mostly coherent, but it can create recurring daily research automation without clear user opt-in or removal guidance.

Install only if you are comfortable with a skill that creates local project files and may attempt recurring daily trend searches. Before using it, tell the agent not to create cron or scheduler jobs unless you explicitly request them, and review generated market claims before relying on the report for business decisions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Context-Inappropriate Capability

Medium
Confidence
94% confidence
Finding
The skill instructs the agent to set up a recurring cron/scheduler job for ongoing trend collection, which materially exceeds a one-shot report-generation workflow and creates persistent side effects. Persistence is security-relevant because it can cause unbounded future network activity, file writes, and surprise behavior after the original user task is complete.

Context-Inappropriate Capability

Medium
Confidence
90% confidence
Finding
Offering file-sharing or upload capability expands the skill from local report generation into external data dissemination, which is a meaningful privilege escalation from the manifest's stated purpose. If used on sensitive research outputs, it could expose proprietary or confidential information to unintended destinations.

Context-Inappropriate Capability

Medium
Confidence
87% confidence
Finding
Invoking an external Python script introduces code execution beyond the core reporting task and assumes the presence of another skill and executable path. This increases attack surface because external scripts may have their own vulnerabilities, may process untrusted HTML, and may perform additional filesystem or network actions outside the user's expectation.

Vague Triggers

Medium
Confidence
83% confidence
Finding
The manifest uses broad trigger language such as 'use whenever' and several generic product-related phrases, which can cause the skill to activate in contexts broader than intended. Overbroad activation is dangerous because it can unexpectedly apply powerful file-writing, web-research, and image-generation behaviors to ordinary requests that did not warrant them.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill directs the agent to create notes, HTML reports, images, signals files, and possibly PDFs on the local filesystem without requiring user-facing disclosure or consent. Hidden persistent writes are security-relevant because they can consume storage, leave sensitive artifacts behind, and surprise users who expected an ephemeral analysis-only interaction.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.