prompt-inject-removal-p

Security checks across malware telemetry and agentic risk

Overview

This is a prompt-only helper for summarizing untrusted content, with overconfident security wording but no hidden access, credential use, persistence, or destructive behavior found.

Use this only as defense-in-depth for summarizing untrusted pages or documents. Do not treat it as a complete security boundary, and review sanitized summaries before allowing an agent to send messages, edit files, delete data, or take other consequential actions. Inspect setup.sh before running it because it writes files into the selected directory.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Tp4

High
Category
MCP Tool Poisoning
Confidence
95% confidence
Finding
The skill markets itself as a robust prompt-injection removal security layer, but the file only describes a prompt-based summarization workflow and documentation. This can create dangerous reliance on nonexistent protections, causing users or downstream agents to trust sanitized output as safe when no real detection or removal mechanism is implemented.

Intent-Code Divergence

Medium
Confidence
91% confidence
Finding
The manifest says the skill detects and removes prompt injection attempts, while the body says it summarizes untrusted content through a sanitization prompt. In a security context, this discrepancy is risky because prompt-only filtering is not equivalent to reliable detection/removal, and users may overtrust the output during sensitive workflows.

VirusTotal

65/65 vendors flagged this skill as clean.