Document Diff

Security checks across malware telemetry and agentic risk

Overview

This skill does what it says: it compares two user-selected documents by sending them to SoMark for parsing and writing local diff reports.

Install only if you are comfortable uploading the compared documents to SoMark. Avoid highly confidential, regulated, or client-restricted files unless you have permission and trust SoMark's handling of the data. Keep SOMARK_API_KEY in the environment rather than chat, and expect parsed Markdown plus diff files to be saved in the output directory.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence: 93%
Finding
The skill uploads the full contents of both user-supplied documents to the external SoMark API for parsing, but the CLI does not provide an explicit privacy notice, consent prompt, or data-transfer warning at the point of use. This is dangerous because users may unknowingly send sensitive or regulated content off-host to a third party, creating confidentiality, compliance, and data residency risks.

VirusTotal

67/67 vendors flagged this skill as clean.
