Back to skill

Security audit

Edge Router

Security checks across malware telemetry and agentic risk

Overview

This is a small instruction-only skill for routing compute jobs, but executing jobs may send prompts or payloads to a third-party service.

Install only if you intend to use a third-party compute-routing service. Prefer route or status checks before execute, and avoid sending secrets, private prompts, proprietary data, credentials, or regulated data unless you trust the provider and understand its billing and data-handling terms.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill documents an execute endpoint that sends task payloads to selected backends, including cloud and quantum services, without warning that prompts, model names, or other payload contents may leave the local environment. In an agent setting, this can lead to unintentional disclosure of sensitive data to third-party infrastructure because users are not informed about transmission boundaries or trust implications.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.