
Security audit

McKinsey Research

Security checks across malware telemetry and agentic risk

Overview

This market-research skill appears purpose-aligned, but it should be reviewed because it can collect sensitive business details and persist reports/logs that may be accessible beyond the immediate run.

Install only if you are comfortable with business context, financial assumptions, and generated reports being used in web/sub-agent research and saved in the workspace. Avoid pasting confidential customer data, unreleased strategy, regulated information, credentials, or proprietary financials unless you have permission and understand retention/access behavior.

SkillSpector (by NVIDIA)

Vulnerability patterns checked:
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Severity: Medium
Confidence: 90%
Finding:
The README advertises very broad trigger phrases such as 'Run a full market research for my business' and says the skill 'triggers automatically,' which can cause the orchestrator to invoke this high-cost, multi-step skill when the user only wanted a simple answer or lightweight lookup. Because the skill can spawn sub-agents and use web tools, unintended invocation increases cost, data exposure, and the chance that user inputs are unnecessarily sent through a larger workflow.

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding:
The skill writes multiple artifacts and logs to persistent storage, including research outputs and execution/feedback data, but the user-facing description does not clearly disclose this behavior. In a research workflow, users may provide sensitive business plans, financials, or competitive data, so undisclosed persistence increases privacy, confidentiality, and compliance risk even if the storage is intended for normal operation.

Missing User Warnings

Severity: Low
Confidence: 94%
Finding:
The prompts repeatedly ask for detailed business context, including financials, costs, revenue, growth rates, pricing, target markets, and full business context, but provide no warning not to paste confidential, regulated, or proprietary information. Because the skill also uses external tools and sub-agents, users may disclose sensitive company data that could be unnecessarily propagated across tool calls, logs, artifacts, or downstream prompts.

Missing User Warnings

Severity: Medium
Confidence: 96%
Finding:
The document explicitly states that research artifacts persist across sessions and may be readable by other skills in the same workspace, but it only gives an internal caution not to write secrets rather than a clear user-facing privacy warning or consent mechanism. Because this skill handles business descriptions, financials, and strategy inputs, users may reasonably provide sensitive commercial information that could later be exposed to unrelated skills or future runs through shared artifact access.

VirusTotal

37/37 vendors flagged this skill as clean.
