Compliance Audit Generator

Security checks across malware telemetry and agentic risk

Overview

This is a simple instruction-only compliance report generator, with the main risk being that users may share sensitive business or regulated data while using it.

Before installing or using this skill, treat it as a drafting aid for compliance readiness, not a certified audit or legal opinion. Provide high-level, sanitized descriptions of systems and controls, avoid pasting secrets, credentials, customer records, PHI, cardholder data, personal data, or detailed exploit information, and have qualified compliance, legal, or security professionals validate final decisions.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: The skill explicitly asks users to provide organization details, security controls, data types, certifications, and known gaps without cautioning them not to include sensitive or regulated data. In a compliance-audit context, users may overshare confidential architecture, security weaknesses, PHI, PCI, or personal data, which can create unnecessary exposure if the agent platform stores, logs, or forwards prompts.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal