Security audit
Generate Property Management Company Client Education Handout
Security checks across malware telemetry and agentic risk
Overview
This appears to be a normal handout-writing skill, but it requests broad local Read and Bash authority that is not explained by its document-generation purpose.
Review before installing. The skill content itself looks like a benign prompt for creating a client education handout, but consider limiting or disabling Bash and broad Read access unless you intentionally want it to inspect local files or run commands. Verify the publisher and repository before using the README install commands.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
65/65 vendors flagged this skill as clean.
Static analysis
No suspicious patterns detected.
