Back to skill

Security audit

RFP & Proposal Responder

Security checks across malware telemetry and agentic risk

Overview

The skill is a straightforward RFP/proposal writing helper with no artifact evidence of hidden execution, persistence, or data misuse, though users should avoid pasting sensitive bid materials without approval.

Before installing or using this skill, treat RFPs, budgets, client names, pricing, contract identifiers, and past-win details as potentially confidential. Use sanitized excerpts or approved summaries unless your organization has cleared the material for use with the agent.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence
92% confidence
Finding
This skill explicitly encourages users to paste full RFP text, company descriptions, strengths, budgets, and past win examples, but provides no warning that these materials may contain confidential business, pricing, procurement, or customer information. That omission increases the chance users will disclose sensitive data to the agent without redaction or approval, creating confidentiality, compliance, and competitive-risk exposure.

VirusTotal

57/57 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.