Back to skill

Security audit

Compliance & Audit Readiness Engine

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only compliance planning guide with no code, credential use, persistence, or hidden actions, but users should treat its advice as draft guidance rather than professional audit or legal sign-off.

Install this as a planning and drafting aid for compliance work. Avoid pasting unnecessary sensitive company details, security gaps, customer data, PHI, payment data, or legal facts into prompts, and have qualified compliance, legal, security, or audit professionals review any final policies, evidence packages, or audit conclusions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence
91% confidence
Finding
The skill exposes multiple generic activation phrases such as 'Prepare for audit', 'Review our GDPR compliance', and 'Track compliance debt' that resemble ordinary user requests rather than narrowly scoped invocation commands. In a shared agent environment, these broad phrases can cause accidental routing into this skill, leading the agent to process sensitive compliance, security, legal, or audit-related data unexpectedly and increasing the risk of prompt-surface misuse or unintended disclosure.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.