Bidding Document Generator

Security checks across malware telemetry and agentic risk

Overview

This is a document-drafting skill for construction bid packages, with no code execution, but its outputs need careful human review before use.

Install only if you are comfortable using it for draft bid paperwork. Avoid sharing unnecessary confidential company, pricing, identity, or qualification documents, and have qualified legal, commercial, engineering, and bid staff verify all figures, credentials, compliance statements, and commitments before submission.

SkillSpector

By NVIDIA

Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium
Confidence: 89%
Finding
The trigger phrases are very broad and map to common user requests such as writing bids, technical proposals, and pricing documents, which increases the chance the skill is invoked when a user did not explicitly intend to use this specialized workflow. In a bidding context, unintended activation can cause the assistant to generate sensitive commercial or compliance-related content without sufficient scoping, review, or disclaimers.

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill advertises one-click generation of complete bid packages, including pricing, qualifications, and formal declarations, but does not warn users to verify legality, factual correctness, eligibility, and commercial terms before submission. In procurement and construction bidding, inaccurate or fabricated content can lead to regulatory violations, bid disqualification, contractual disputes, or fraud exposure.

VirusTotal

56/56 vendors flagged this skill as clean.
