Wip Readme Format

Security checks across malware telemetry and agentic risk

Overview

This README formatter is mostly coherent, but it contains a real shell-command injection risk when deploying in a repository with crafted README-init filenames.

Install only if you are comfortable running a README-writing CLI on repositories you trust. Use --dry-run or --check first, review the generated README-init files, and avoid --deploy on untrusted repositories until the git status check is changed to a safe argument-array call.

SkillSpector

By NVIDIA

Vulnerability Patterns

Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Context-Inappropriate Capability

Medium

Confidence: 92% confidence
Finding: The deploy review check builds a shell command with a filename interpolated into `execSync`, which means repository-controlled filenames are passed through a shell. Although the tool filters for names starting with `README-init-` and wraps them in quotes, shell metacharacters such as embedded quotes can still break out of the quoted context and cause command injection if a malicious repository contains crafted filenames.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal