
Security audit

Paper Reading Method Inspiration

Security checks across malware telemetry and agentic risk

Overview

This skill is a structured paper-reading workflow that creates research notes in a workspace; the audit found no hidden execution, credential access, exfiltration, or destructive behavior in it.

Install only if you want an agent to create and update structured research notes for this workflow. Before running it, confirm the workspace root and review the file paths it will generate, especially when you pass it an existing artifact path, because the skill intentionally writes multiple markdown files.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Memory Poisoning: Persistent Context Injection, Context Window Stuffing, Memory Manipulation
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Missing User Warnings

Severity: Low
Confidence: 96%

Finding
The skill repeatedly instructs the agent to create, scan, and update files under a workspace directory, but it does not require explicit user confirmation immediately before each filesystem write. In an agent setting this can lead to unintended modification of local files or repositories, especially when the target path is inferred from a user-provided artifact path rather than fixed to the workspace root.
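The check the finding above asks for, as an added example in Python that is not code from the skill or from SkillSpector: every candidate path is resolved and required to stay under the workspace root (so `..` segments, absolute paths, and symlinks that point out of the workspace are refused), and the write itself only happens after a confirmation callback approves the exact resolved path and is told whether it would overwrite an existing file. The function names, the callback shape, and the sample paths are assumptions for illustration.

```python
"""Guarded note writes for an agent skill that works under a workspace root.

Added example, not code from the skill or the scanner. Function names, the
confirm-callback shape and the sample paths below are assumptions.
"""
import tempfile
from pathlib import Path
from typing import Callable, Optional


class PathOutsideWorkspace(ValueError):
    """Raised when a candidate path would land outside the workspace root."""


def resolve_in_workspace(workspace_root: str, candidate: str) -> Path:
    """Resolve ``candidate`` against ``workspace_root`` and refuse escapes.

    ``Path.resolve()`` follows symlinks and collapses ``..``, and joining an
    absolute ``candidate`` discards the root entirely, so the only reliable
    check is on the fully resolved result: it must sit under the resolved root.
    """
    root = Path(workspace_root).resolve()
    target = (root / candidate).resolve()
    try:
        target.relative_to(root)
    except ValueError:
        raise PathOutsideWorkspace(
            f"{candidate!r} resolves to {target}, outside {root}"
        ) from None
    return target


def write_note(
    workspace_root: str,
    candidate: str,
    content: str,
    confirm: Callable[[Path, bool], bool],
) -> Optional[Path]:
    """Write ``content`` to ``candidate`` only after ``confirm`` approves the path.

    ``confirm`` receives the resolved target and whether it already exists (an
    overwrite is the case the finding worries about most) and must return True
    immediately before the write, not once at install time.
    """
    target = resolve_in_workspace(workspace_root, candidate)
    if not confirm(target, target.exists()):
        return None
    target.parent.mkdir(parents=True, exist_ok=True)
    target.write_text(content, encoding="utf-8")
    return target


def demo() -> dict:
    """Exercise the guard in a throwaway workspace; returns the observations."""
    results = {}
    with tempfile.TemporaryDirectory() as ws:
        root = Path(ws).resolve()
        # Normal case: a relative note path stays inside the workspace.
        results["inside"] = (
            resolve_in_workspace(ws, "notes/method_candidate_libraries.md")
            == root / "notes" / "method_candidate_libraries.md"
        )
        # Traversal and absolute paths (constructed "artifact path" inputs) are refused.
        for bad in ("../outside.md", "/etc/passwd", "notes/../../escape.md"):
            try:
                resolve_in_workspace(ws, bad)
                results[bad] = "allowed"
            except PathOutsideWorkspace:
                results[bad] = "rejected"
        # A declined confirmation means nothing is written at all.
        declined = write_note(ws, "notes/a.md", "draft", lambda path, exists: False)
        results["declined_wrote_nothing"] = (
            declined is None and not (root / "notes" / "a.md").exists()
        )
        # An approved write lands at the confirmed path; the second write is
        # presented to the callback as an overwrite (exists=True).
        seen = []

        def approve(path: Path, exists: bool) -> bool:
            seen.append(exists)
            return True

        first = write_note(ws, "notes/a.md", "v1", approve)
        second = write_note(ws, "notes/a.md", "v2", approve)
        results["approved"] = (
            first == second == root / "notes" / "a.md" and second.read_text() == "v2"
        )
        results["overwrite_flagged"] = seen == [False, True]
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

In an agent harness the `confirm` callback is where the prompt to the user goes; the point of passing it the resolved path rather than the raw string is that the user confirms what will actually be written, after symlink and `..` resolution, not what the model said it would write.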

Memory Manipulation

Severity: High
Category: Memory Poisoning

Content (excerpt from the skill)
- source URLs for every source paper used
- risks and weak links
- light downstream routing hints
- a clear statement that the library does not contain a Committed Method Design

Write or update `method_candidate_libraries.md` as a cross-problem summary.

Confidence: 80%

Finding
clear state

VirusTotal

63/63 vendors flagged this skill as clean.
