Homestruk Maintenance Triage

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent property-maintenance triage helper, with expected local work-order storage that users should treat as private tenant records.

Install this only in a workspace where tenant and property information is appropriate to store. Treat generated work orders as private records, review or delete old files according to your retention needs, and require approval before sending tenant or owner messages, dispatching contractors, or committing to costs.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The skill instructs the agent to read local contractor data and write work orders containing tenant names, phone numbers, addresses, and unit details to persistent storage, but provides no minimization, access-control, retention, or consent guidance. In an agent environment, this creates a real privacy and data-governance risk because sensitive personal information may be unnecessarily exposed, retained, or surfaced to later tasks/users.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal