Back to skill

Security audit

Autoskill Brainstorming

Security checks across malware telemetry and agentic risk

Overview

This skill needs review because it is a very broad brainstorming workflow that can push the agent into persistent repository changes without clear user confirmation.

Install only if you intentionally want an aggressive design-planning workflow that may inspect the current repository, produce very long outputs, write planning files, and commit them. Before using it on a real project, require explicit confirmation before any file write, git commit, worktree creation, or implementation handoff.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Findings (7)

Intent-Code Divergence

High
Confidence
98% confidence
Finding
The skill contains mutually incompatible interaction rules: it says not to pause for clarification and to keep expanding autonomously, while elsewhere requiring one-question-at-a-time refinement and incremental user validation. In an agent setting, this can cause the model to ignore normal consent and clarification boundaries, increasing the chance of runaway outputs or acting on incorrect assumptions.

Intent-Code Divergence

Medium
Confidence
95% confidence
Finding
The document simultaneously demands exhaustive unlimited expansion and later bounded section sizing, creating unresolved instruction conflicts. This can degrade agent reliability, encourage prompt-injection-like dominance behavior from the skill, and make outputs unpredictable or excessively long.

Description-Behavior Mismatch

High
Confidence
99% confidence
Finding
The skill claims to be for brainstorming/design, but instructs the agent to write a file under docs/plans and commit it to git. Hidden transition from advisory behavior to repository modification is dangerous because it can alter local state and version history without a clear user authorization boundary.

Description-Behavior Mismatch

Medium
Confidence
96% confidence
Finding
The skill extends from ideation into implementation setup actions such as creating isolated workspaces and planning execution, which exceeds the stated brainstorming scope. This broadens the operational authority of the skill and can cause users or agents to invoke it in contexts where they did not intend environment-changing actions.

Vague Triggers

High
Confidence
97% confidence
Finding
The activation description is so broad ('before any creative work') that it can capture many ordinary development tasks, giving this highly prescriptive skill priority in unrelated contexts. Because the skill includes invasive workflow rules and follow-on actions, overbroad triggering increases the chance of unwanted control over agent behavior.

Missing User Warnings

Medium
Confidence
99% confidence
Finding
The skill instructs writing a design document and committing to git without warning that it will modify files and repository history. Lack of disclosure and consent is dangerous in agent workflows because users may expect planning assistance, not persistent changes to the working tree and commit log.

Ssd 4

Medium
Confidence
98% confidence
Finding
The cumulative instruction chain explicitly suppresses normal stopping behavior, forbids common closure patterns, mandates repeated recovery passes, and pushes indefinite expansion. In practice this can hijack the agent’s response loop, consume excessive tokens, block normal clarification/termination, and override higher-quality conversational control in a way consistent with prompt-based denial of service.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal

Static analysis

No suspicious patterns detected.