Security audit

Summarize Garrison

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward summarization skill, with normal privacy and supply-chain considerations around the external CLI and AI providers it uses.

Install only if you trust the summarize Homebrew formula and the AI/extraction providers you configure. Use scoped API keys where possible, watch for provider billing, and avoid summarizing confidential local files or private URLs unless you accept those providers' data-handling terms.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill encourages summarizing URLs, local files, PDFs, images, audio, and YouTube content, and it explicitly references external model providers and fallback services such as Google, OpenAI, Anthropic, Firecrawl, and Apify. Without a clear user warning that submitted URLs, file contents, and possibly extracted media may be transmitted to third-party services, users may unknowingly expose sensitive local documents or private web content to external processors.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.