Security audit

Research Paper Compare

Security checks across malware telemetry and agentic risk

Overview

This instruction-only skill is coherently designed to compare research papers, with expected web and PDF retrieval but no code execution, credentials, persistence, or hidden behavior.

Install this if you are comfortable with the agent searching the web, opening paper links, downloading or extracting PDF text, and reading PDFs you provide. Prefer public academic sources and avoid private/internal URLs or confidential PDFs unless you intend them to be processed for comparison.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The skill instructs the agent to search the web, follow landing pages, and download external PDFs without any visible user-facing warning or trust restrictions. In this context, that can lead users to unknowingly trigger requests to untrusted domains, retrieve malicious or deceptive files, or expose metadata/network activity during paper resolution, especially when URLs are user-provided or discovered via search.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal