Tageblatt Headlines

Security checks across malware telemetry and agentic risk

Overview

This skill is aimed at collecting public headlines, but it gives the agent broader fetching, file-writing, and automation powers than the narrow purpose clearly scopes.

Install only if you are comfortable with a skill that can fetch more than just the intended news site, write files to user-selected paths, and optionally send headline data through Telegram on a schedule. Prefer a version that restricts fetching to the expected Tageblatt domain, limits output to a known archive directory, and requires explicit confirmation before enabling scheduling or Telegram forwarding.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (4)

Description-Behavior Mismatch

Medium
Confidence: 95%
Finding
The skill advertises fetching headlines from a single site, but the CLI exposes a user-controlled --url parameter that allows retrieval from arbitrary destinations. In an agent context, this expands the capability beyond the declared purpose and can be abused for unintended outbound requests, including access to internal or sensitive network endpoints if the runtime has such access.

Context-Inappropriate Capability

Medium
Confidence: 93%
Finding
This finding is substantively the same issue: the code grants broad network retrieval capability that is not necessary for a narrowly scoped headline-fetching skill. In an automated agent workflow, overbroad network access increases the risk of SSRF-style misuse, policy bypass, or use of the skill as a general downloader rather than a single-purpose scraper.

Vague Triggers

Medium
Confidence: 83%
Finding
The description includes broad activation language such as using the skill whenever the master wants headlines saved locally or automated, which could cause the skill to trigger on ordinary news-related requests beyond the user's specific intent. Over-broad invocation increases the chance of unintended network fetches, local writes, and downstream forwarding actions.

Missing User Warnings

Medium
Confidence: 91%
Finding
The documentation promotes automatic local archiving and Telegram forwarding, including a scheduled 07:00 workflow, without prominent user warnings or consent language for file creation and external transmission. Even if the content is public headlines, automatic persistence and outbound messaging can surprise users, leak contextual metadata, or normalize unsafe exfiltration patterns in agent workflows.

VirusTotal

63/63 vendors flagged this skill as clean.
