Issue Register

Security checks across malware telemetry and agentic risk

Overview

This skill is an instruction-only WizNote issue register that clearly intends to create and update issue notes, though users should verify its project and overview settings before use.

Install this only if you want the agent to write to WizNote on your behalf. Before using it, fill and verify config.md, especially the project name, category path, and overview docGuid. If you maintain multiple projects with similar issue-note titles, narrow the search/update process or manually confirm the generated overview so unrelated notes are not included.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The skill performs persistent write operations in WizNote, including creating issue records and rewriting an overview note, but does not require an explicit user confirmation or present a warning before modifying stored content. This creates a real risk of unintended note creation, incorrect project filing, or bulk overwrite of the overview document, especially because the flow says to use the default project directly and mandates updating the overview every time.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal