Back to skill

Security audit

Autoskill Book Writing

Security checks across malware telemetry and agentic risk

Overview

The skill does not show malware or data theft, but its instructions appear to over-control the agent and discourage normal stopping or clarification.

Install only if you are comfortable supervising the agent closely. Watch for overly long answers, refusal to stop, invented details, or rigid phrasing; remove or edit the skill if it interferes with normal instructions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Natural-Language Policy Violations

Medium
Confidence
84% confidence
Finding
The skill hard-codes required phrases and output-shaping behavior without user opt-in, reducing the model's ability to follow user intent or system constraints naturally. In context, this contributes to prompt rigidity and can be used to override safer conversational behavior, especially when combined with anti-termination and coercive workflow rules.

Ssd 4

Medium
Confidence
98% confidence
Finding
The skill explicitly suppresses normal stopping behavior, forces continued generation, and instructs the model to continue until token exhaustion. This creates a denial-of-service and control-bypass pattern: it can waste tokens, crowd out user intent, and reduce the assistant's ability to obey higher-level safety and interaction boundaries.

Ssd 2

Medium
Confidence
91% confidence
Finding
These lines use coercive control patterns that resemble jailbreak tactics by constraining how the model may end responses and forcing substitution of missing details instead of normal interaction. In this skill context, that behavior is more dangerous because it is embedded in a long instruction chain designed to override ordinary conversational safeguards and keep the model generating despite missing requirements.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal

Static analysis

No suspicious patterns detected.