Academic paper reading, summarizing, polished method diagrams drawing SKILL

Security checks across malware telemetry and agentic risk

Overview

This skill coherently analyzes academic papers and can generate diagram files, with some broad activation behavior users should keep in mind.

Install this if you want automatic paper review reports and optional method diagrams. Be aware it may activate whenever paper content is shared, writes files by design, may fetch arXiv pages, and may use local browser rendering for PNG output when requested.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 94% confidence
Finding: The skill declares very broad auto-trigger conditions such as activating whenever paper content is present or when users ask to analyze, summarize, critique, explain, or visualize a paper. This can cause unintended invocation on ordinary requests, reducing user control and potentially causing the agent to fetch/process external content or produce files when the user did not explicitly request use of this skill.

Natural-Language Policy Violations

Medium

Confidence: 88% confidence
Finding: The skill automatically switches to Chinese output when it detects Chinese input, unless overridden by an explicit flag. This overrides expected output behavior without a clear opt-in and can lead to unintended language changes in reports and diagrams, which is a policy/control issue rather than a direct security exploit.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal