Security audit

enterprise-diagnosis-report

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward PDF-to-report helper for enterprise diagnosis reports, with expected local parsing, optional URL download, and file output behavior.

Install only if you are comfortable letting the agent read the supplied enterprise PDFs and write extracted text or generated reports locally. Use a dedicated working directory, avoid untrusted PDF URLs, and delete or protect outputs that contain financial, tax, or business-sensitive information.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 89%
Finding: The skill declares no permissions, yet its documented behavior clearly includes network access via remote PDF URLs and file writes to ./output or the current working directory. This creates an authorization and transparency gap: users or the hosting platform may not realize the skill can fetch external content and persist potentially sensitive enterprise data locally.

Tp4

High
Category: MCP Tool Poisoning
Confidence: 84%
Finding: The skill is presented as a report-integration tool, but the documented workflow also downloads remote PDFs, reads local files, extracts full text, and writes results to disk. That broader behavior materially increases the attack surface because it can be used to access sensitive local documents, retrieve untrusted remote content, and persist extracted enterprise data beyond what users may expect from the description.

Missing User Warnings

Medium
Confidence: 93%
Finding: The skill handles sensitive enterprise financial and tax reports, downloads/parses PDFs, and writes extracted content to local files, but it does not provide clear warnings or controls around data sensitivity, storage location, retention, or overwrite risk. In this context, that is especially dangerous because the documents may contain confidential corporate, financial, and tax information that could be exposed through insecure local storage or unintended persistence.

VirusTotal

64/64 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.