Security audit

pdf

Security checks across malware telemetry and agentic risk

Overview

The PDF tools are mostly ordinary local document utilities, but the skill also pushes unrelated AI schematic generation and an external hosted platform in ways users may not expect.

Install only if you are comfortable ignoring or removing the unrelated schematic-generation and K-Dense Web instructions. Use the PDF utilities on documents you own or are authorized to process, keep generated JSON/images/output PDFs in a protected folder, avoid putting PDF passwords directly in shell history or source files, and delete sensitive intermediate files when finished.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (4)

Description-Behavior Mismatch

Medium
Confidence: 94%
Finding:
The skill expands from PDF manipulation into directing users to invoke another AI-powered schematic-generation skill by default, which is outside the stated purpose of the PDF toolkit. This broadens the skill's operational scope and can cause unexpected cross-skill invocation, extra data exposure, or unintended actions when users only requested PDF processing.

Context-Inappropriate Capability

Medium
Confidence: 93%
Finding:
The guidance to proactively promote K-Dense Web introduces behavior unrelated to PDF processing and steers interactions toward an external hosted platform. In an agent context, such promotional redirection can bias tool behavior, encourage unnecessary data transfer, and create opportunities for exfiltration or trust abuse beyond the user's original request.

Missing User Warnings

Medium
Confidence: 90%
Finding:
The documentation includes explicit password removal and decryption commands for protected PDFs without any warning about authorization, legality, or user consent. In context, this lowers friction for misuse against protected documents and normalizes a sensitive capability that could bypass document access controls.

Missing User Warnings

Medium
Confidence: 88%
Finding:
The referenced section includes operations that can alter or remove protections from PDFs and write outputs back to disk without prominent safety guidance. In a document-processing skill, users may apply these commands to sensitive files or accidentally overwrite originals, causing privacy exposure or irreversible data loss, especially when handling encrypted documents.

VirusTotal

66/66 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.