Data Query

Security checks across malware telemetry and agentic risk

Overview

This skill is a simple guide for querying logistics index pages and does not install code or request privileged access.

Before installing, confirm that your organization permits access to and reuse of the listed logistics index data. When you want a narrow query, specify carrier, date, province or region, and metric so the agent does not use the broad defaults.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 84% confidence
Finding: The skill description defines only a broad capability ('query logistics index data') without clear invocation boundaries, required parameters, or exclusion conditions. This can cause the agent to activate on loosely related requests and perform unintended data retrieval, especially because the skill also contains permissive fallback behavior for missing inputs.

Vague Triggers

Medium

Confidence: 92% confidence
Finding: The skill silently defaults missing carrier, date, province, and metric values, allowing execution on vague or incomplete requests. This increases the chance of overbroad queries, unintended data exposure, and misleading outputs because the agent may act on assumptions the user did not authorize or intend.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal