Code To Doc

Security checks across malware telemetry and agentic risk

Overview

This instruction-only skill is focused on reading a project and writing documentation, with disclosed local search and documentation-update behavior.

Install only if you are comfortable with an agent reading project source/docs and writing markdown documentation plus OBSERVATIONS.md. Keep it scoped to the intended repository, avoid exposing secrets, review generated diffs before committing, and treat the SVG as inert content or disable its click handlers.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (4)

Vague Triggers

Medium

Confidence: 96% confidence
Finding: The trigger list includes broad, common phrases such as '生成文档', '更新手册', and '操作指南', which can cause the skill to activate in conversations that are only tangentially related. In an agent environment, accidental invocation can redirect workflow, cause unintended repository scanning, or generate/edit documentation without sufficiently explicit user intent.

Vague Triggers

Medium

Confidence: 92% confidence
Finding: The Mode A examples use vague expressions like '写文档' or '整理架构文档' without defining a strict boundary for when the skill should engage. That ambiguity increases the chance that routine discussion about documentation or architecture will trigger analysis behavior and potentially broader code/document access than the user intended.

Hidden Instructions

High

Category: Prompt Injection
Content: <line x1="68" y1="408" x2="640" y2="408" stroke="var(--color-border-tertiary)" stroke-width="0.5" style="fill:rgb(0, 0, 0);stroke:rgba(31, 30, 29, 0.15);color:rgb(0, 0, 0);stroke-width:0.5px;stroke-linecap:butt;stroke-linejoin:miter;opacity:1;font-family:"Anthropic Sans", -apple-system, BlinkMacSystemFont, "Segoe UI", sans-serif;font-size:16px;font-weight:400;text-anchor:start;dominant-baseline:auto"/> <line x1="68" y1="478" x2="640" y2="478" stroke="var(--color-border-tertiary)" stroke-width="0.5" style="fill:rgb(0, 0, 0);stroke:rgba(31, 30, 29, 0.15);color:rgb(0, 0, 0);stroke-width:0.5px;stroke-linecap:butt;stroke-linejoin:miter;opacity:1;font-family:"Anthropic Sans", -apple-system, BlinkMacSystemFont, "Segoe UI", sans-serif;font-size:16px;font-weight:400;text-anchor:start;dominant-baseline:auto"/>  <g onclick="sendPrompt('BRD/MRD 这两类文档在逆向提取时有哪些难点？')" style="fill:rgb(0, 0, 0);stroke:none;color:rgb(0, 0, 0);stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;opacity:1;font-family:"Anthropic Sans", -apple-system, BlinkMacSystemFont, "Segoe UI", sans-serif;font-size:16px;font-weight:400;text-anchor:start;dominant-baseline:auto"> <rect x="78" y="68" width="100" height="30" rx="6" stroke-width="0.5" style="fill:rgb(225, 245, 238);stroke:rgb(15, 110, 86);color:rgb(0, 0, 0);stroke-width:0.5px;stroke-linecap:butt;stroke-linejoin:miter;opacity:1;font-family:"Anthropic Sans", -apple-system, BlinkMacSystemFont, "Segoe UI", sans-serif;font-size:16px;font-weight:400;text-anchor:start;dominant-baseline:auto"/> <text x="128" y="87" text-anchor="middle" style="fill:rgb(15, 110, 86);stroke:none;color:rgb(0, 0, 0);stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;opacity:1;font-family:"Anthropic Sans", -apple-system, BlinkMacSystemFont, "Segoe UI", sans-serif;font-size:12px;font-weight:400;text-anchor:middle;dominant-baseline:auto">BRD / MRD</te ...[truncated 23 chars]
Confidence: 90% confidence
Finding:  <g onclick="sendPrompt('BRD/MRD 这两类文档在逆向提取时有哪些难点？')" style="fill:rgb(0, 0, 0);stroke:none;color:rgb(0, 0, 0);stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;opacity:1;fon

Hidden Instructions

High

Category: Prompt Injection
Content: <rect x="312" y="68" width="100" height="30" rx="6" fill="#534AB7" opacity="0.15" stroke="#534AB7" stroke-width="0.5" style="fill:rgb(83, 74, 183);stroke:rgb(83, 74, 183);color:rgb(0, 0, 0);stroke-width:0.5px;stroke-linecap:butt;stroke-linejoin:miter;opacity:0.15;font-family:"Anthropic Sans", -apple-system, BlinkMacSystemFont, "Segoe UI", sans-serif;font-size:16px;font-weight:400;text-anchor:start;dominant-baseline:auto"/> <text x="362" y="87" text-anchor="middle" fill="#3C3489" style="fill:rgb(61, 61, 58);stroke:none;color:rgb(0, 0, 0);stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;opacity:1;font-family:"Anthropic Sans", -apple-system, BlinkMacSystemFont, "Segoe UI", sans-serif;font-size:12px;font-weight:400;text-anchor:middle;dominant-baseline:auto">User Journey Map</text>  <g onclick="sendPrompt('PRD 逆向提取时最难推断的是哪些部分？')" style="fill:rgb(0, 0, 0);stroke:none;color:rgb(0, 0, 0);stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;opacity:1;font-family:"Anthropic Sans", -apple-system, BlinkMacSystemFont, "Segoe UI", sans-serif;font-size:16px;font-weight:400;text-anchor:start;dominant-baseline:auto"> <rect x="78" y="118" width="80" height="30" rx="6" stroke-width="0.5" style="fill:rgb(225, 245, 238);stroke:rgb(15, 110, 86);color:rgb(0, 0, 0);stroke-width:0.5px;stroke-linecap:butt;stroke-linejoin:miter;opacity:1;font-family:"Anthropic Sans", -apple-system, BlinkMacSystemFont, "Segoe UI", sans-serif;font-size:16px;font-weight:400;text-anchor:start;dominant-baseline:auto"/> <text x="118" y="137" text-anchor="middle" style="fill:rgb(15, 110, 86);stroke:none;color:rgb(0, 0, 0);stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;opacity:1;font-family:"Anthropic Sans", -apple-system, BlinkMacSystemFont, "Segoe UI", sans-serif;font-size:12px;font-weight:400;text-anchor:middle;dominant-baseline:auto">PRD</text>
Confidence: 90% confidence
Finding:  <g onclick="sendPrompt('PRD 逆向提取时最难推断的是哪些部分？')" style="fill:rgb(0, 0, 0);stroke:none;color:rgb(0, 0, 0);stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;opacity:1;font-fam

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal