Security audit

Automatically Add References to Articles

Security checks across malware telemetry and agentic risk

Overview

This is a coherent citation helper, but users should understand it can edit chosen documents and send document-derived search terms to academic search services.

Install only if you are comfortable reviewing the external academic-search dependency and Python packages. Use an explicit output path or a copy of important documents, confirm candidate references before insertion, and avoid confidential or unpublished drafts if you do not want their topics or keywords sent to external academic search providers.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (8)

Vague Triggers

Medium (89% confidence)
Finding
The trigger phrases are broad enough to match normal editing requests such as 'find citations' or 'add references', which can cause the skill to activate unexpectedly. Because this skill performs document analysis, external search, and file modification, accidental invocation can expose document-derived content to third-party services or alter files when the user did not intend to use this specific workflow.

Missing User Warnings

Medium (94% confidence)
Finding
The README advertises automatic insertion into Markdown, LaTeX, and Word documents but does not clearly warn that the skill can change user files. In an agent setting, silent or poorly disclosed file modification is risky because users may invoke the feature expecting suggestions only, leading to unintended edits, overwritten content, or difficult-to-review changes.

Missing User Warnings

Medium (96% confidence)
Finding
The skill states that it derives keywords and queries from user documents and sends searches across multiple external academic platforms, but it does not clearly disclose the privacy implications. Even if full documents are not uploaded, document-derived queries, titles, keywords, and research topics may reveal confidential or unpublished work to third-party services, making this especially sensitive for academic drafts and proprietary research.

Vague Triggers

Medium (84% confidence)
Finding
The trigger phrases are broad enough to activate during common writing or editing conversations, which can cause the skill to engage when the user did not intend citation insertion or document processing. Over-broad activation is risky here because the skill has file read/write capabilities and may alter documents based on ambiguous intent.

Vague Triggers

Medium (81% confidence)
Finding
The file-based activation rule is underspecified: matching any .md, .tex, or .docx file with 'citation不足或缺失' ("citations insufficient or missing") is subjective and may match many ordinary documents. In a skill that can write output, ambiguous file triggers increase the chance of unintended activation and modification of unrelated files.

Missing User Warnings

Medium (90% confidence)
Finding
The skill describes citation insertion commands but does not clearly warn users that their source documents may be modified, overwritten, or accompanied by backup files. Lack of disclosure undermines informed consent and can lead to data loss, confusion, or accidental corruption of important academic documents.

Missing User Warnings

Medium (92% confidence)
Finding
The examples show the skill automatically modifying user files such as .bib, LaTeX, and Word documents, but do not clearly warn about file overwrite, insertion location, or the need for explicit confirmation before writing changes. In an agent setting, this can lead to unintended data loss, document corruption, or silent content changes that the user did not fully authorize.

Missing User Warnings

Medium (93% confidence)
Finding
The script overwrites the original document by default when --output is not provided, and it does so without any confirmation prompt or explicit safe-default behavior. In an agent context that may operate on user-supplied files automatically, this can cause unintended modification of important documents; although a backup is created in some paths, the primary file is still changed in place and users may not expect that behavior.

VirusTotal

67/67 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.