Api Documentation

Security checks across malware telemetry and agentic risk

Overview

This is a small API documentation helper with no executable code, install scripts, credential access, persistence, or hidden behavior found.

Safe to install as an instruction-only API documentation helper. Because it may activate for broad API-doc requests, users should review generated specs and examples carefully and avoid including real secrets, tokens, or private credentials in sample API calls.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 91% confidence
Finding: The skill uses very broad example triggers such as generating API docs, Swagger configs, and sample code without clearly constraining scope or activation conditions. This can cause the agent to invoke the skill for many ordinary software requests, leading to prompt routing confusion, untrusted context mixing, or the skill influencing tasks outside its intended boundary.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal