Album Review

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent album-review assistant with source-tracing checks and no evidence of hidden, destructive, or credential-seeking behavior.

Before installing, expect this skill to perform public web research about albums and to produce both prose and evidence metadata. Review the generated sources for accuracy, especially for obscure albums, but the artifacts do not show hidden data access, persistence, or unsafe authority.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Intent-Code Divergence

Medium

Confidence: 95% confidence
Finding: The file explicitly promises that all factual claims will be strictly sourced, yet the body consists of extensive review assertions without visible citations or attribution. In a skill whose stated purpose is source-traceable long-form criticism, this mismatch can mislead downstream agents or users into treating unsupported statements as verified, reducing trust and enabling hallucinated or fabricated criticism to be presented as grounded.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal