SLA Manager

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed SLA guidance skill with templates and optional commercial links, not a tool that runs code or accesses private systems.

Use this as an SLA drafting and review aid, not as legal advice. Be cautious with optional external purchase or calculator links, and avoid pasting confidential contracts, customer data, or commercial terms unless you intend the assistant to analyze them.

SkillSpector

By NVIDIA

Vulnerability Patterns

Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (2)

Context-Inappropriate Capability

Low

Confidence: 97% confidence
Finding: The skill embeds promotional external links and upsell content that are unrelated to the core SLA-assistance function. In an agent setting, this creates a trust-boundary issue: the assistant may steer users toward third-party sites or commercial offerings without necessity, increasing phishing, data exposure, and prompt-injection surface if users follow those links.

Vague Triggers

Medium

Confidence: 81% confidence
Finding: The activation condition 'When the user needs SLA help' is broad and underspecified, which can cause the skill to trigger in contexts where SLA guidance is only tangentially related. Over-broad activation is risky because it increases the chance of inappropriate instruction injection into unrelated workflows and may cause the agent to provide contractual or operational guidance without sufficient context.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal