Energy Audit

Security checks across malware telemetry and agentic risk

Overview

This skill is an instruction-only commercial energy-audit template that asks for relevant utility and building data but does not include code, installation steps, hidden behavior, or persistence.

Before installing or using it, provide summarized monthly utility data when possible. If uploading bills, redact account numbers, customer IDs, payment details, and unrelated contact information while keeping the usage, demand, dates, rates, and costs needed for the audit.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Low

Confidence: 89% confidence
Finding: The skill explicitly requests 12 months of utility bills, which can contain sensitive operational, billing, account, and facility usage information. While this data request is relevant to the skill’s stated purpose, the prompt provides no minimization guidance, redaction advice, or privacy warning, increasing the risk of unnecessary disclosure to the agent or downstream systems.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal