Back to skill

Security audit

AutoSkill Study Planner

Security checks across malware telemetry and agentic risk

Overview

The skill is a non-executable study planner, but it includes strong prompt-control rules that can force excessive, off-topic, hard-to-stop responses.

Install only if you specifically want a very verbose, rigid study-planning assistant. Expect it to produce long outputs and sometimes ignore requests for concise or narrowly scoped answers; avoid using it in workflows where bounded responses, exact formats, or normal stop behavior matter.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The skill injects mandatory cross-disciplinary 'lens' analysis such as quantum mechanics or evolutionary ecology into a study-planning workflow, which is unrelated to the user's request and the skill's stated purpose. This creates prompt-scope drift, wastes context budget, and can crowd out the practical planning content the agent is supposed to deliver, making the skill easier to abuse for irrelevant or disruptive output expansion.

Description-Behavior Mismatch

Medium
Confidence
98% confidence
Finding
The workflow is dominated by forced recursive self-critique, status gates, anti-compression audits, and completion-recovery machinery that are unrelated to an academic study planner's function. This is dangerous because it acts like prompt-level denial of service: it compels excessively long, hard-to-terminate responses, increases token consumption, and can override normal task completion in ways that degrade reliability and safety.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal

Static analysis

No suspicious patterns detected.