Security audit

Format Book

Security checks across malware telemetry and agentic risk

Overview

This skill appears to do what it claims: format a user-provided manuscript into paperback and Kindle files, with only ordinary local file-output risk.

Install only if you are comfortable with the agent creating and running local typesetting commands. Use it from a dedicated manuscript folder, check whether the proposed output filenames already exist, and confirm python3, pandoc, and any needed PDF/EPUB tooling are installed.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Low

Confidence: 88% confidence
Finding: The skill explicitly instructs the agent to write generated files into the user's current working directory without any warning, confirmation, or overwrite safeguards. While file output is expected for a formatting skill, directing writes into an unspecified working directory can cause accidental overwrites, clutter sensitive directories, or place files in locations the user did not intend.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal