Security audit

Format Book 6x9

Security checks across malware telemetry and agentic risk

Overview

This skill locally formats manuscripts into print and Kindle files, with the main caution being that it writes output files into the current folder.

Install this if you want local manuscript formatting. Run it from a folder where you want the generated PDF and EPUB files created, check whether similarly named files already exist, and use a clean book title for filenames.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The skill explicitly instructs the agent to write generated files into the user's current working directory without requiring confirmation, checking for existing files, or warning about overwrite side effects. In an agent context, this can cause unintended local file creation or clobbering of similarly named files, especially when the output filename is derived from user-controlled book title input.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal