Back to skill

Security audit

Svg Education Animator

Security checks across malware telemetry and agentic risk

Overview

This is a simple educational SVG/HTML animation skill with no hidden access, install-time code, persistence, or credential use.

Install this if you want an agent to generate educational SVG/HTML animation snippets. Because it outputs browser-previewable HTML, review generated code before opening or sharing it, especially if later prompts ask for scripts or external resources.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
91% confidence
Finding
The trigger conditions are very broad and include generic educational-animation phrases, which can cause the skill to activate for many ordinary requests that are not specifically asking for this exact capability. Over-broad invocation increases the chance of unintended routing, reduced user control, and the generation of large HTML/SVG outputs in contexts where a simpler or different response would be safer or more appropriate.

Natural-Language Policy Violations

Medium
Confidence
84% confidence
Finding
Forcing the skill language to Chinese without user choice can override user expectations and reduce transparency, especially in multi-language environments. While not directly enabling code execution or data exfiltration, it can cause confusing outputs, impair review of generated HTML content, and increase the risk of misuse if users cannot easily understand or validate the result.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.