Back to skill

Security audit

Convert Natural Language

Security checks across malware telemetry and agentic risk

Overview

The skill mainly drafts structured outputs from natural language, but its install metadata and documentation overstate sensitive capabilities and leave credential/write behavior unclear.

Review before installing. Use this only as a drafting aid, treat generated SQL, API calls, and shell commands as untrusted suggestions, and do not grant financial, purchase, OAuth, or sensitive-credential access unless the publisher narrows and explains those requirements.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Findings (4)

Description-Behavior Mismatch

Medium
Confidence
96% confidence
Finding
The manifest says the skill converts natural language into structured formats like SQL, JSON, API requests, search queries, regex, and schemas, but the body additionally enables shell/CLI command generation. That undocumented expansion matters because converting free-form language into executable shell commands materially increases risk, especially if downstream agents or users run the generated command without careful review.

Context-Inappropriate Capability

Medium
Confidence
92% confidence
Finding
Shell command generation is a higher-risk capability than passive structured formatting because it can produce directly executable instructions affecting the host, containers, clusters, or source control. Even with a narrow prohibition on obviously destructive commands, the skill still permits powerful commands for tools like docker, kubectl, and git, creating command-injection, privilege misuse, or harmful-automation risk if the outputs are executed in sensitive environments.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The README leaves the trigger condition as a placeholder ('When triggered: [trigger condition]') instead of defining clear activation criteria. In an agent skill, ambiguous invocation guidance can cause the skill to be selected in unintended contexts, increasing the chance it processes inputs it was not designed to handle and amplifying downstream misuse or unsafe transformations.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The README advertises a write mode with an input file but gives no warning that it may modify files or produce side effects. In a skill that converts natural language into structured output, undocumented write behavior is risky because users or orchestrators may invoke it assuming read-only behavior, leading to unintended file changes or unsafe automated actions.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal

Static analysis

No suspicious patterns detected.