Pilot Document Processing Setup

Security checks across malware telemetry and agentic risk

Overview

This is a coherent setup guide for a three-agent document pipeline, with expected persistent configuration and disclosed network data flows.

Before installing, review the additional pilot-* skills that this setup installs, confirm the Pilot binaries are trusted, and use this only for documents whose extracted fields or summaries may be shared with the configured downstream systems.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium, 95% confidence

Finding
The skill instructs the agent to create and write a manifest under ~/.pilot/setups/document-processing.json, which is a persistent modification to the user's home directory. Because the skill description does not clearly warn the user about this filesystem change, the user may authorize setup without understanding that local persistent state will be created and retained.

Missing User Warnings

Medium, 90% confidence

Finding
The indexer manifest and data flow description explicitly send document-derived data and notifications to downstream systems via webhook on port 443, but the skill description does not warn about the privacy and integrity implications of transmitting potentially sensitive extracted content externally. In a document-processing pipeline, extracted fields may include invoices, entities, dates, and amounts, so silent outbound transmission materially increases data exposure risk.

VirusTotal

66/66 vendors flagged this skill as clean.