Academic Thesis Review

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed thesis-review workflow that reads a user-provided .docx file and writes local review artifacts for that same purpose.

Install if you are comfortable with the agent reading the thesis document and saving extracted thesis text and review notes locally. Use a clean working folder, check that any existing review_results.md belongs to the same thesis before re-review, and delete review_artifacts/ afterward if the thesis is sensitive.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 93% confidence
Finding: The trigger phrases include broad, ordinary-language requests such as '帮我看看论文' and '论文有什么问题', which can cause the skill to activate in situations where the user did not intend this specific workflow. Unintended activation matters here because the skill performs substantial file processing and persistence, so a casual request could lead to unexpected local data access and artifact creation.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal