Security audit

Agent Quick Start

Security checks across malware telemetry and agentic risk

Overview

This template skill is mostly coherent, but one generated research-bot template can execute unsafe shell commands built from user input and silently save research topics to another memory skill.

Review generated projects before installing or using them. The template generator itself is not clearly malicious, but do not run the generated research bot as-is with untrusted or sensitive topics; replace shell-string execSync calls with argument-based process execution, and remove memory saving or make it an explicit opt-in.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Context-Inappropriate Capability
Severity: High
Confidence: 97%
Finding: The research template constructs a shell command with unsanitized user input embedded inside single quotes and executes it with execSync. A topic containing a quote character can break out of the shell quoting and trigger arbitrary command execution when the generated template is used, making this a command injection sink.

Context-Inappropriate Capability
Severity: Medium
Confidence: 91%
Finding: The generated research template sends user-supplied topics to an external memory skill without clear consent or data-handling boundaries. This creates an unnecessary persistence channel for potentially sensitive research queries and expands data exposure beyond what a quick-start scaffold needs.

VirusTotal

64/64 vendors reported this skill as clean. An antivirus verdict covers known-malicious content only; it does not address the input-handling defects in the generated template described in the findings above.