Construction Cost Quoting Assistant

Security checks across malware telemetry and agentic risk

Overview

This is a simple construction cost-estimation guidance skill with no install code, credential use, persistence, or hidden high-impact behavior evident in the artifacts.

Install this when you want help with construction quota matching or cost-estimation workflows. Be aware that broad construction-budgeting prompts may invoke it, so clarify with your agent when a request is general discussion rather than quota-pricing assistance.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 93% confidence
Finding: The trigger list is broad and includes common terms such as 工程预算, 工程造价, 成本测算, and 投标报价, which can appear in ordinary construction or budgeting conversations. This creates a real risk of unintended invocation, causing the skill to activate outside the user's intent and potentially steer conversations into domain-specific outputs or data collection unexpectedly.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal