Thesis Review

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed thesis-review helper that reads user-provided thesis content and creates a Word review document, with no hidden code or network behavior found.

Install this if you want an agent to review thesis or dissertation material and generate a formatted Word report. Be aware that it may write a .docx file in the working directory, so check the filename/location and avoid using it for generic review requests unless you intend thesis-review behavior.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 93% confidence
Finding: The trigger conditions are broad enough to match common requests like 'review this' or 'evaluate this paper', which can cause the skill to activate when the user did not explicitly request thesis-review behavior. In an agent setting, overly broad activation can redirect user intent, cause unnecessary document processing, and invoke downstream actions such as file generation without sufficiently informed consent.

Missing User Warnings

Medium

Confidence: 96% confidence
Finding: The skill mandates creation of a .docx file in the working directory and presents it as required behavior, but does not require prior user confirmation or clearly warn that a local file will be written. In an automated agent environment, implicit file creation can surprise users, overwrite expected workspace state, or be chained with broad triggers to perform unintended side effects.

VirusTotal

61/61 vendors flagged this skill as clean.

View on VirusTotal