Security checks across malware telemetry and agentic risk

Overview

This PRD skill is mostly planning documentation, but its reference instructions promote unattended coding-agent runs that can bypass permission prompts and repeatedly change a repository.

Install only if you want PRD templates plus agent-execution guidance. Do not run the unattended `--dangerously-skip-permissions` loop as written; use normal permission prompts, a separate branch or worktree, bounded story-by-story execution, and human review before commits or before marking tasks complete.

SkillSpector

By NVIDIA
Vulnerability Patterns

  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access

Findings (4)

Intent-Code Divergence

Medium
Confidence: 96%
Finding
The document states the skill only edits PRDs, but the included usage patterns explicitly instruct agents to implement code, run checks, create branches, commit changes, and modify tracking files. That mismatch can mislead users and downstream systems about the skill's true operational scope, causing it to be granted broader autonomy than intended without appropriate safeguards.

Missing User Warnings

High
Confidence: 99%
Finding
The unattended loop repeatedly runs an autonomous coding agent with `--dangerously-skip-permissions`, explicitly bypassing safety prompts while allowing continuous code changes, testing, and state updates. In skill context, this is dangerous because it operationalizes unreviewed, persistent repository modification and command execution with minimal user awareness or interruption points.

Missing User Warnings

Medium
Confidence: 93%
Finding
The OpenCode example instructs an agent to load tasks, implement code, verify results, and mark work complete automatically, but does not disclose that this can make repository changes without step-by-step review. Even without an explicit permission-bypass flag, presenting autonomous modification as a simple one-liner lowers the barrier to unsafe execution.

Missing User Warnings

Medium
Confidence: 97%
Finding
The prompt template directs the agent to create branches, implement code, run checks, commit changes, edit `prd.json`, and append to `progress.txt`, but it omits any warning that these are repository-modifying actions. In a skill/reference document, this can normalize broad autonomous write access and hide the operational risk from users who may believe they are only editing planning artifacts.

VirusTotal

64/64 vendors flagged this skill as clean.