nature-citation

Security checks across malware telemetry and agentic risk

Overview

This citation helper is purpose-aligned, but users should avoid sending confidential manuscript details unless they accept external lookups.

Install this if you want networked citation verification and export help. Do not use it with confidential manuscripts, unpublished ideas, proprietary topics, or private reference lists unless you are comfortable with the agent querying external services, including the listed personal-library endpoint and public research/search providers.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The workflow directs the agent to send user-provided claims, topics, and references to a personal-library endpoint and multiple third-party services without any user-facing notice or consent step. If users submit unpublished research ideas, manuscript text, sensitive reference lists, or proprietary topics, the skill may disclose that data externally in ways the user does not expect.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal