Back to skill

Security audit

Awesome Paper Skill

Security checks across malware telemetry and agentic risk

Overview

This skill does what it says, but it can create or change GitHub repositories using the user’s account without a clear final confirmation step.

Review carefully before installing. Use it only with an explicit repo owner, repo name, and visibility; verify the active GitHub CLI account; inspect the generated README; and require a manual confirmation before any repository creation, push, or visibility change.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill is designed to create or update a GitHub repository and push content remotely, but it does not require an explicit confirmation step immediately before performing that state-changing action. In an agent setting, this can lead to unintended writes to the wrong repository, unauthorized publication, overwriting existing README content, or accidental disclosure if repo parameters are inferred from workspace context.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The script performs state-changing git and GitHub actions, including repository creation, remote configuration, push, and visibility changes, immediately after parsing arguments and without any user-facing confirmation or dry-run step. In an agent or automation context, this increases the chance of accidental publication of sensitive or unintended content, especially because the target owner/name and public/private visibility are externally supplied.

VirusTotal

61/61 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.