Yq Knowledge Digest

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This skill is a coherent learning-material generator, but users should be aware it can optionally search the web and create several output files.

Install only if you want an agent to generate local learning artifacts from your materials or a user-approved web search. Before running it, confirm the requested formats, where files will be written, and whether external sources should be used; review any generated educational content for accuracy and source provenance.

SkillSpector (3)

By NVIDIA

Description-Behavior Mismatch

Medium
Confidence: 89%
Finding
The documented workflow expands the skill from transforming user-provided materials into actively collecting external source material via web search when the user has not supplied content. That changes the trust boundary and data provenance: generated educational assets may incorporate unverified, copyrighted, biased, or unsafe external content without the manifest clearly declaring this behavior. In a content-generation skill, this is not inherently malicious, but it is a real security and safety issue because users may assume outputs are derived only from their own materials.

Vague Triggers

Medium
Confidence: 84%
Finding
The trigger list includes broad everyday phrases such as learning materials, notes generation, quizzes, slides, courseware conversion, and similar generic terms, increasing the chance of accidental invocation in unrelated conversations. Unintended triggering can cause the agent to begin file generation, search, or content transformation actions without the user deliberately invoking this skill, which is especially concerning because the skill can create multiple local artifacts and optionally perform web search.

Missing User Warnings

Low
Confidence: 78%
Finding
The skill defaults to generating multiple output files and later delivering them, but it does not clearly warn the user about the number, types, or storage implications of these locally created artifacts before execution. This can lead to surprising file creation and unnecessary resource use, particularly when defaults include several formats and some outputs may be large or generated from externally sourced material.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

64/64 vendors flagged this skill as clean.
