Microsoft Skill Creator

Security checks across malware telemetry and agentic risk

Overview

This is a coherent helper for creating Microsoft-focused agent skills, with disclosed documentation lookup and optional CLI use but no hidden or harmful behavior found.

Install this if you want an agent helper for authoring Microsoft technology skills. Prefer the Learn MCP server when available, approve any npx or global npm install explicitly, and review generated skills and sample code before enabling or running them.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 92% confidence
Finding: The skill's trigger description is very broad, covering creation of skills for nearly any Microsoft technology, library, framework, or service. That can cause the skill to activate in contexts where it is only partially relevant, increasing the chance an agent follows its workflow unnecessarily, performs unneeded external lookups or CLI usage, and overrides more specific safer skills or user intent.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal