Content Pipeline

Security checks across malware telemetry and agentic risk

Overview

This appears to be a coherent content/research workflow skill that writes local queue/research files and fetches user-provided URLs for its stated purpose.

Install only if you are comfortable with the skill creating or updating local queue/research files and retrieving URLs you provide. Do not use it on private intranet, authenticated, or sensitive links unless you explicitly want that content processed.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (2)

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: The skill explicitly instructs reading and then writing back project files such as `content-queue.json` and research artifacts, but it does not warn the user that invoking the command will mutate local workspace data. In an agent setting, silent state changes can surprise users, overwrite prior content, or create unintended files, especially when triggered by a simple slash command.

Missing User Warnings

Medium

Confidence: 89% confidence
Finding: The `/pipeline url <url>` flow tells the agent to fetch arbitrary external URLs without any privacy, trust-boundary, or content-safety warning. This can expose user-supplied URLs or internal-only links to external retrieval behavior, and may ingest untrusted content into later drafting stages without informing the user of the risks.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal