Markdown Report Generator

Security checks across malware telemetry and agentic risk

Overview

This is a simple instruction-only report-generation skill whose file, URL, and export behavior is disclosed and aligned with its purpose.

Before installing, be clear about which files, URLs, or conversation material may be used and where the report should be saved. Avoid including confidential material unless you intend it to appear in the generated report, and only request HTML or PDF conversion when you trust the conversion tooling in your environment.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 86% confidence
Finding: The skill can be invoked by very common report-writing requests without explicit boundaries on inputs, destinations, or user confirmation for side effects. In an agent setting, broad triggering increases the chance the skill is selected in contexts where it may process sensitive conversation data or perform unintended file/output actions beyond what the user clearly authorized.

Missing User Warnings

Medium

Confidence: 90% confidence
Finding: The skill advertises saving files and optional HTML/PDF conversion but does not warn about file-writing behavior, output paths, or any tooling involved in conversion. In an autonomous agent workflow, undisclosed write operations and format conversion can lead to unexpected persistence of sensitive data, overwriting files, or unsafe use of external converters.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal