Back to skill

Security audit

Story Import

Security checks across malware telemetry and agentic risk

Overview

This is a text-only novel import workflow that asks for user-provided book content and creates project files in line with its stated purpose.

Install this if you want an agent to turn an existing novel into a local writing-project structure. Use explicit commands such as `/story-import` and review the target directory before proceeding, because the workflow can create many files, copy the source text into project folders, set `.active-book`, and overwrite generated reference files for the imported project.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence
88% confidence
Finding
The trigger list includes very broad natural-language terms such as '导入' that are likely to collide with ordinary conversation and unrelated tasks. This can cause unintended activation of a powerful file-processing workflow that asks for paths, reads user-supplied content, and creates or modifies substantial project structure, increasing the chance of accidental data exposure or unintended filesystem changes.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.