Back to skill

Security audit

Skill Creator ProMax

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed prompt-and-skill-file generator with user confirmation before workspace writes.

Before installing, expect this skill to guide multi-turn prompt design and, if you explicitly confirm, create a SKILL.md file in your workspace. Review the generated file before approving the write, especially for prompts that may later use tools, credentials, or broad file access.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Unbounded Resource Access

Medium
Category
Excessive Agency
Content
**Rollback mechanism**: If the user says "start over", "go back to positioning", "not satisfied, start again", clear all Stage 3 modifications and return to Stage 1. Keep previous Stage outputs as reference, but clearly mark "Below is from the previous round, for reference only."

**⏸ Pause after each modification. Stage 3 can loop indefinitely.**

### Stage 4 — Skill File Generation (triggered when user explicitly says "looks good"/"satisfied"/"generate")
Confidence
84% confidence
Finding
loop indefinitely

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

Detected: suspicious.prompt_injection_instructions

Prompt-injection style instruction pattern detected.

Warn
Code
suspicious.prompt_injection_instructions
Location
platforms/SKILL.md:71