Back to skill

Security audit

kdp-generator

Security checks across malware telemetry and agentic risk

Overview

This is mostly a local KDP book-generation skill, but it includes unsafe watermark-removal guidance and overly broad activation rules that users should review before installing.

Install only if you specifically want a local KDP production helper and are comfortable reviewing its generated files before upload. Avoid the watermark-cropping guidance; use licensed, watermark-free assets and verify KDP policy compliance. Also treat activity-book outputs as drafts, because some puzzle and answer pages may not match their promises.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (8)

Context-Inappropriate Capability

Low
Confidence
82% confidence
Finding
The skill includes instructions for unrelated skill-development tooling such as eval and description optimization, which expands its operational scope beyond KDP book generation. This is risky because it encourages execution of auxiliary tooling that can modify behavior, optimize triggering, or access external files without being necessary for the end-user task.

Intent-Code Divergence

Medium
Confidence
98% confidence
Finding
The page title and instructions explicitly tell children to find five differences, but both scenes are effectively the same because the `has_differences` branch is a no-op. This is an integrity/deception flaw: the generated content does not match what the book promises, which can mislead buyers and produce unusable low-content material at scale.

Intent-Code Divergence

Low
Confidence
91% confidence
Finding
The file includes an 'Answers' page, but it provides no answers for mazes, puzzles, or spot-the-difference activities. This is a content-integrity issue rather than code execution risk, but in the KDP publishing context it can result in deceptive output, customer complaints, or policy/compliance problems if books are sold as including answers.

Vague Triggers

High
Confidence
93% confidence
Finding
The description uses very broad trigger language such as 'make sure to use this skill whenever the user mentions' a wide set of common publishing and design topics. Over-broad activation criteria can cause the skill to trigger in unrelated contexts, leading to unnecessary file generation, confusing tool selection, or unintended execution of scripts when a safer or more appropriate skill should have been used.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The documentation describes creating multiple output artifacts on disk, including PDFs, markdown, JSON, and production files, without warning the user that local files will be written. In an agent setting, silent write behavior can lead to unexpected filesystem changes, overwrites, clutter, or generation of sensitive business content in unintended locations.

Vague Triggers

Medium
Confidence
93% confidence
Finding
The eval queries are phrased as broad, natural-language user requests such as generating KDP covers, EPUBs, metadata, or journals. If these eval prompts are reused for routing, prompt matching, or trigger tuning, they can cause the skill to activate on common publishing-related requests too aggressively, leading to overbroad invocation and unintended handling of user tasks. In this skill, that risk is amplified because the metadata explicitly says to use the skill whenever many common KDP-related phrases appear.

Vague Triggers

Medium
Confidence
93% confidence
Finding
The trigger list includes broad terms like "KDP," "kindle," "publishing," and "passive income," which can cause the skill to activate for many loosely related requests rather than clear user intent to generate KDP assets. In an agent system, overbroad activation increases the chance of unintended tool invocation, context hijacking, or steering the assistant into publishing workflows when the user meant something more general.

Ssd 4

Medium
Confidence
91% confidence
Finding
The cover-generation guidance explicitly recommends cropping AI-generated images to remove likely watermarks, which normalizes circumvention of provenance or rights indicators. Even if framed as a production tip, this can facilitate copyright, licensing, or platform-policy violations and encourages misuse of generated assets in commercial publishing workflows.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.