Board Reporting Framework

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only board reporting template whose main risk is handling sensitive company metrics if the user gives the agent broad access.

Safe to install as a reporting framework, but use it with explicit source limits. Tell the agent which files, systems, date ranges, and metrics it may use, avoid unnecessary customer or employee details, and keep generated board materials in an access-controlled location.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The usage text says the agent 'will pull your data' but provides no disclosure about what data sources may be accessed, what categories of business data are collected, or how sensitive financial and board materials are handled. In the context of board reporting, this is more dangerous because the data likely includes confidential financials, pipeline details, customer information, hiring plans, and risk registers, creating a real risk of over-collection or unintended disclosure.

VirusTotal

61/61 vendors flagged this skill as clean.

View on VirusTotal