Back to skill

Security audit

Book-PDF: 书籍级PDF手册全流程

Security checks across malware telemetry and agentic risk

Overview

This skill is a visible, local PDF-manual generator, but users should review its default branding and external font loading before publishing sensitive or client-facing documents.

Install only if you are comfortable running local Node/Playwright scripts in a dedicated project directory. Review generated HTML before publishing, remove or replace the default author/social branding for your own organization or client work, and vendor fonts locally if external Google Fonts access is not acceptable.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Context-Inappropriate Capability

Medium
Confidence
89% confidence
Finding
The skill mandates insertion of fixed brand attribution and social promotion content unrelated to the user's requested handbook. This is dangerous because it can silently inject unsolicited promotional material into generated outputs, creating integrity, trust, and potential policy/compliance issues, especially in enterprise or client-facing documents.

Context-Inappropriate Capability

Low
Confidence
90% confidence
Finding
The stylesheet imports Google Fonts from an external URL, which causes network access during rendering and leaks metadata such as IP address, timing, and document-generation behavior to a third party. In a PDF-generation skill, this is a real supply-chain/privacy concern because rendering should ideally be deterministic and self-contained, especially for offline or sensitive document workflows.

Vague Triggers

High
Confidence
92% confidence
Finding
The trigger phrases are very broad, including common requests like '做一本书' or '做个完整指南', which increases the chance of unintended activation. In context, accidental activation is more dangerous because this skill then encourages shell usage, project scaffolding, dependency installation, and document generation steps the user may not have intended.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.