Crisis Communications Playbook

Security checks across malware telemetry and agentic risk

Overview

This appears to be a documentation-only crisis communications drafting skill, with no evidence of code execution, data access, persistence, or exfiltration.

Install only if you understand that crisis messages generated by the skill are drafts. For data breaches, regulatory investigations, financial restatements, layoffs, or other sensitive incidents, have legal, compliance, security, executive, and communications stakeholders review and approve any output before sending it internally or externally.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: The README presents AI-generated crisis communications for sensitive scenarios such as data breaches, regulatory investigations, and financial restatements as fast, ready-to-use outputs without any clear requirement for legal, compliance, PR, or incident-response review. In these contexts, inaccurate or premature statements can create regulatory exposure, misrepresentation risk, evidence preservation issues, and material reputational harm, especially during the first hours of an incident.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal