Security audit

Spec to ADR

Security checks across malware telemetry and agentic risk

Overview

This skill is a documentation helper that reads project plans and writes ADR markdown files in the repository, with no evidence of hidden or unrelated behavior.

Install this only if you are comfortable with an agent reading plan files and writing ADR documentation in your repository. Use a branch or review the generated ADR and README changes before committing, especially when superseding an older ADR. Static scan was clean and VirusTotal was still pending, so there was no artifact-backed malicious signal.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence: 95%
Finding: The skill directs the agent to create and modify files in the repository (`docs/adr/...` and `docs/adr/README.md`) as part of normal execution without any explicit user warning or confirmation about filesystem changes. In an agent setting, silent writes can surprise users, overwrite documentation, or alter tracked project state, especially when plan detection or ADR numbering selects files automatically.

Missing User Warnings

Medium
Confidence: 97%
Finding: The explicit instruction to create `docs/adr/` without asking permission removes an important safety checkpoint for filesystem modification. Even though creating an ADR directory is a common convention, forcing the action without consent can lead to unexpected workspace changes, policy violations, or unwanted commits in repositories where documentation structure is tightly controlled.

VirusTotal

66/66 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.