Security audit

exam-mindmap-generator

Security checks across malware telemetry and agentic risk

Overview

The skill fits its study-plan purpose, but it needs review because the generated report can run third-party JavaScript and can overwrite local output with weak path scoping.

Review before installing. Use it only with knowledge_map.json files you trust, because their contents are embedded into an HTML report that is opened in the browser. Be aware that opening the report loads ECharts from BootCDN, and keep copies of older reports if overwriting them would matter.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (5)

Intent-Code Divergence

High
Confidence: 91%
Finding:
Conflicting output-path instructions can cause the agent to write files to an unintended location, including overwriting files in the workspace root when a safer sandboxed directory was intended. In a tool-using environment, ambiguity around write targets increases the risk of accidental data modification, broken downstream automation, and bypass of expected containment boundaries.

Description-Behavior Mismatch

Medium
Confidence: 96%
Finding:
The template loads ECharts from an external CDN at render time, which introduces a third-party supply-chain and privacy risk into output that is described as a static review-plan HTML file. If the CDN is unavailable, compromised, blocked, or modified in transit, the generated page may fail to render correctly or may execute attacker-controlled JavaScript in the user's browser.

Context-Inappropriate Capability

Low
Confidence: 88%
Finding:
Introducing a third-party network resource into a study-plan generator expands the attack surface beyond the skill's core purpose and makes the generated HTML depend on external infrastructure. This can leak user metadata such as IP address and access timing to the CDN, and it weakens the expectation that the output is self-contained and safe to open offline.

Vague Triggers

Medium
Confidence: 84%
Finding:
A broad trigger like '重新生成' ("regenerate") can be activated unintentionally during ordinary conversation, causing the skill to perform file writes or overwrite prior outputs without the user's informed intent. Because this skill has side effects, an ambiguous activation phrase increases the chance of unintended state changes and confusing automation behavior.

Missing User Warnings

Medium
Confidence: 90%
Finding:
The skill performs write/overwrite operations without clearly notifying the user that data will be modified or that an existing file will be replaced. This is dangerous because users may lose prior outputs or unknowingly alter workspace state, especially when the skill auto-triggers after another pipeline phase.

VirusTotal

63/63 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.