Back to skill

Security audit

7skill

Security checks across malware telemetry and agentic risk

Overview

This PRD skill is document-only, but it includes guidance for running an unattended coding agent with permission checks disabled, which needs careful review before use.

Use this skill only for PRD drafting and structured task planning unless you are prepared to supervise repository changes. Do not run the unattended `--dangerously-skip-permissions` loop in a normal project; use a branch or worktree, keep permission prompts enabled, review changes between stories, and avoid storing secrets in `progress.txt`. Verify the package identity because its embedded metadata does not match the registry metadata.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Intent-Code Divergence

Medium
Confidence
97% confidence
Finding
Line L003 states "This skill only edits PRDs," which is an active limitation claim about the skill's scope. However, the rest of the document directs agents to implement stories, run checks, create or checkout branches, commit changes, and append to progress logs, which goes beyond PRD-only editing and directly contradicts that statement.

Missing User Warnings

High
Confidence
95% confidence
Finding
This markdown file instructs users to run an infinite unattended agent loop using `claude --dangerously-skip-permissions`, which implies autonomous file modification and command execution. The section does not include any warning about potential impacts to user data, repository integrity, or the risks of disabling permission checks.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.