Back to skill

Security audit

Discovery Engine

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed research-extraction helper that fetches public paper metadata, saves generated JSON locally, and optionally guides the user through publishing those results to GitHub.

Install only if you are comfortable with the skill fetching public paper metadata from research APIs and saving extraction JSON locally. Review batch files before using the optional GitHub submission steps, because those commands can publish the saved results and metadata through your GitHub account.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
84% confidence
Finding
The trigger phrase "Extract some papers" is broad and resembles normal conversation, increasing the chance of accidental activation. In this skill, accidental activation is more concerning because the workflow can initiate discovery, create local files, and potentially lead toward network-backed submission actions.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The instructions tell the agent to write extraction outputs to a temporary or arbitrary local path, but the skill description does not prominently warn users that content derived from papers will be persisted locally. Hidden persistence increases privacy and data-handling risk, especially if abstracts or user-supplied text are sensitive or if files are written to shared locations.

Missing User Warnings

High
Confidence
97% confidence
Finding
The skill includes a workflow to fork a repository, clone it, copy local outputs, push a branch, and create a pull request, yet this outbound publication path is only presented as an operational step rather than a clear risk disclosure. If used without strong consent cues, users may unintentionally upload locally generated content or metadata to GitHub, causing data leakage and account misuse.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.