Doc Generator

Security checks across malware telemetry and agentic risk

Overview

This README generator is purpose-aligned and low risk, with the main caution that it may read project files and create or replace README content.

Safe to install for README generation. Use it on repositories where you are comfortable having project structure and source examples inspected, and ask the agent to preview or diff the README before replacing an existing file.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 93% confidence
Finding: The trigger phrases are broad enough to match routine documentation-related requests, which increases the chance this skill is invoked when the user did not explicitly intend to run a codebase-analyzing README generator. Because the skill inspects project structure and source files to produce output, unintended activation could expose repository contents or cause the agent to take actions outside the user's immediate intent.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal