Topic to Article Kit

Security checks across malware telemetry and agentic risk

Overview

This skill is an instruction-only research workflow that openly creates Markdown article notes in the user’s real Obsidian vault.

Install this only if you want the agent to create folders and Markdown notes in your actual Obsidian vault. Before running it, confirm the vault path and filenames, and review generated citations and copied public comments before publishing or relying on them.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 96% confidence
Finding: The skill explicitly instructs the agent to write into the user's real Obsidian vault using an absolute path and to verify the files exist there, without requiring an explicit confirmation step immediately before modifying local files. This creates a real risk of unintended filesystem modification, especially if the skill is invoked from a broad research/writing request or the user does not realize local files will be created.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal