Back to skill

Security audit

AI-DLC

Security checks across malware telemetry and agentic risk

Overview

This is a coherent development-workflow skill, but it broadly activates for normal coding tasks and stores all user input verbatim in a workspace audit file.

Review before installing. Use it only if you want a structured AI-DLC workflow that creates and updates aidlc-docs files in your repositories. Treat audit.md as sensitive, avoid pasting secrets, consider excluding audit files from version control, and prefer modifying the skill to log sanitized summaries rather than raw user messages.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (15)

Vague Triggers

High
Confidence
96% confidence
Finding
The trigger phrases are extremely broad (e.g. 'start a project', 'new feature', 'bug fix', 'any dev task') and are likely to activate during ordinary development conversations that were not intended to invoke this skill. That increases the chance the skill takes control of a session unexpectedly and begins performing mandated workflow actions such as file creation, question redirection, and logging, expanding the attack surface and causing unsafe or privacy-impacting behavior without clear user intent.

Missing User Warnings

High
Confidence
99% confidence
Finding
The skill explicitly requires that all user input be recorded verbatim into `aidlc-docs/audit.md` with timestamps, but provides no consent flow, minimization rule, retention limit, or warning about sensitive data exposure. In practice this can capture secrets, credentials, personal data, proprietary code, or incident details in plaintext artifacts inside the workspace, creating confidentiality, compliance, and secondary disclosure risks.

Missing User Warnings

Low
Confidence
83% confidence
Finding
These recovery steps instruct the agent to create backups and regenerate `aidlc-state.md` from scratch, then mark completed phases, without an explicit warning that this will write and potentially replace workflow state. In an AI-driven development workflow, unclear file-modification guidance can lead to unintended overwrites, loss of provenance, or user confusion about what was changed during recovery.

Natural-Language Policy Violations

Medium
Confidence
91% confidence
Finding
The file enforces a rigid interaction constraint by forbidding questions in chat and requiring all questions to be routed through files. In an AI-driven workflow skill, this can override user-preferred interaction modes, reduce transparency, and enable coercive or harder-to-monitor behavior where the agent writes artifacts to the workspace instead of obtaining direct, explicit consent in chat.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The instruction to always log the continuity prompt in audit.md causes automatic file modification without any user-facing disclosure or consent. In a development workspace, silent writes can unexpectedly persist potentially sensitive context, project metadata, or user inputs into repository files, creating privacy, integrity, and compliance risks.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The instruction to always place clarification or feedback questions in .md files directs the agent to modify workspace files as part of normal interaction, but gives no warning to the user that files will be created or changed. In an AI-driven development skill, this is more dangerous because the agent operates across many project artifacts, so hidden writes can pollute repositories, alter documentation unexpectedly, and introduce sensitive conversational content into version-controlled files.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The skill instructs the agent to write and modify project files (`application-design-plan.md` and later multiple docs) as part of execution without first requiring an explicit user confirmation for those file changes. In an agent setting, this can lead to unexpected workspace modification, document overwrite, or audit/log pollution if the skill is triggered automatically or the user does not understand the scope of writes.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill repeatedly instructs the agent to create and update numerous files in the workspace, but does not first disclose that it will perform write operations or ask for consent. In an agent skill, silent workspace mutation is a real safety issue because users may expect analysis-only behavior and could have existing files overwritten or cluttered without clear approval.

Missing User Warnings

High
Confidence
98% confidence
Finding
The instruction to log the user's complete raw input to audit.md creates a data-retention risk because approval messages can contain secrets, personal data, pasted credentials, or other sensitive context. Storing raw user input without warning, minimization, or retention controls can expose sensitive data to later readers, commits, backups, or downstream tooling.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The skill explicitly instructs the agent to create and modify multiple repository files, including planning documents and state-tracking artifacts, without requiring a clear, upfront warning that filesystem changes will occur. In an agent setting, this can lead to unexpected persistent modifications, audit/log pollution, or overwriting project documentation before the user understands or consents to the write scope.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The workflow explicitly instructs the system to write the user's COMPLETE RAW response into an audit log, but the surrounding user-facing plan text does not clearly warn that full free-form input will be retained. In an AI-driven development workflow, users may paste secrets, credentials, internal URLs, incident details, or proprietary code into approval responses, so unconditional raw logging creates unnecessary sensitive-data retention and expands breach/disclosure risk.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill instructs the agent to create `aidlc-docs/aidlc-state.md` automatically as part of workspace detection, before obtaining explicit user consent. Writing files to the user's workspace during an initial discovery phase can cause unintended modification of repositories, pollute working trees, and trigger downstream automation or commits in environments where the user expected read-only analysis.

Ssd 3

High
Confidence
99% confidence
Finding
This is a true data-handling vulnerability because it mandates plaintext retention of every user message, exactly as written, in a workspace file. The broader skill context makes it more dangerous: the skill is intended for software development, where users commonly provide stack traces, environment details, tokens, internal URLs, business requirements, and source snippets, all of which may be sensitive and then persist in a shareable repository or artifact set.

Ssd 3

Medium
Confidence
99% confidence
Finding
Recording the user's full raw approval input is a true data-minimization failure: the task only needs evidence of approval, not unrestricted retention of whatever the user typed. In this skill context, which operates inside a development workspace, such logs are especially risky because they may be committed to version control or shared across team environments.

Ssd 3

Medium
Confidence
97% confidence
Finding
This instruction directs the agent to persist the user's full response verbatim in an audit file, which can capture sensitive user-provided data without any minimization or filtering. Because this skill is meant for software-development workflows, the context increases risk: users are especially likely to provide bug details, stack traces, source snippets, tokens, environment values, or customer data during plan approval and change requests.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.