Security audit

ITIL 5 Manager

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only ITIL advisory skill with broad activation keywords but no code, credential access, persistence, or data-moving behavior.

Install only if you want ITIL-style IT service management advice. Be aware that generic phrases like incident management or service desk may activate it in ordinary IT conversations, and validate governance, compliance, financial, or operational recommendations against your organization's policies.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (8)

Vague Triggers

Medium

Confidence: 88% confidence
Finding: The trigger list includes generic phrases such as 'incident management', 'change management', and 'service desk' that are common in ordinary IT conversations. This can cause unintentional invocation or over-broad routing, leading the skill to engage in contexts where the user did not explicitly request it and increasing the chance of prompt/skill hijacking or unintended disclosure through irrelevant activation.

Vague Triggers

Medium

Confidence: 93% confidence
Finding: The trigger list includes broad phrases such as "incident management," "change management," and "service desk," which are common across many general IT support conversations. This can cause unintended activation of the skill in contexts where the user did not specifically request this advisor, leading to prompt hijacking of routing, irrelevant responses, or accidental exposure of the skill's behavior in unrelated workflows.

Vague Triggers

Medium

Confidence: 89% confidence
Finding: The trigger list contains very broad phrases such as "incident management," "change management," and "service desk," which are common in ordinary IT conversations and can cause unintended invocation of the skill. This creates a prompt-squatting and routing risk where the skill may activate in contexts where the user did not explicitly intend to use it, potentially displacing safer or more appropriate skills.

Vague Triggers

Medium

Confidence: 92% confidence
Finding: The trigger list contains generic phrases such as 'it service management', 'incident management', 'change management', and 'service desk' that are likely to appear in ordinary enterprise support conversations. This can cause unintended activation of the skill in unrelated contexts, leading the agent to inject ITIL-specific guidance when the user did not explicitly request this skill, which is a scope and prompt-routing weakness rather than direct code execution risk.

Vague Triggers

Medium

Confidence: 92% confidence
Finding: The trigger list includes broad operational terms such as 'incident management', 'problem management', 'change management', and 'service desk' that are likely to appear in many normal enterprise conversations. This can cause unintended skill activation, leading the agent to inject ITIL-specific guidance when the user did not explicitly request this skill, which increases the chance of context hijacking or irrelevant privileged workflow influence.

Vague Triggers

Medium

Confidence: 86% confidence
Finding: The trigger list includes broad, generic phrases such as 'incident management', 'change management', and 'service desk' that are common in normal IT conversations. This can cause unintended invocation of the skill in contexts where the user did not explicitly request this agent, leading to inappropriate routing, confusion, or disclosure of context to the wrong skill.

Vague Triggers

Medium

Confidence: 89% confidence
Finding: The trigger list includes broad, common IT phrases such as 'it service management', 'incident management', 'change management', and 'service desk', which can match many ordinary user requests and cause unintended activation. In an advisory skill, overbroad activation can route users into this skill outside their intent, increasing the chance of irrelevant guidance, policy bypass through misrouting, or prompt-surface expansion.

Vague Triggers

Medium

Confidence: 94% confidence
Finding: The trigger list contains several generic phrases such as "service desk," "incident management," and "change management" that are common in ordinary IT conversations. This can cause unintended skill activation, leading the agent to inject specialized guidance in contexts where the user did not explicitly request this skill, which increases prompt-routing and context-confusion risk.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.