Back to skill

Security audit

3skill

Security checks across malware telemetry and agentic risk

Overview

The skill is PRD-focused but includes under-scoped guidance for unattended code changes and commits, so users should review it carefully before installing.

Install only if you want PRD templates that can also guide autonomous coding agents. Avoid running the unattended `--dangerously-skip-permissions` loop in a normal repository; use an isolated branch or worktree, review every file change and commit, and adjust the branch naming convention to match your team.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Intent-Code Divergence

Medium
Confidence
96% confidence
Finding
Line L003 explicitly states, "This skill only edits PRDs," which narrows the skill's claimed scope to PRD modification. However, the rest of the document instructs agents to implement stories, run checks, create or checkout branches, commit code, and update progress logs, which materially exceeds and contradicts that claim.

Natural-Language Policy Violations

Low
Confidence
83% confidence
Finding
The instruction "Git branch for this feature (prefix with `ralph/`)" imposes a specific naming/locale-style convention in natural language without indicating that it is optional, user-configurable, or required by a documented organizational context. This can violate the policy against forcing a fixed convention without opt-in or justification.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
This markdown file includes a `while` loop invoking `claude --dangerously-skip-permissions` to autonomously implement stories, run checks, and update project files. The surrounding text does not warn users that this pattern can make repeated unattended code and file modifications, which is a safety-relevant behavior for a skill description.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.