Support

Security checks across malware telemetry and agentic risk

Overview

This is a markdown-only customer support helper whose privacy risks are expected for support work but should be managed carefully.

Install for support drafting and triage if you are comfortable sharing relevant ticket context with your agent. Review responses before sending, avoid unnecessary full account records, redact secrets and payment data, and route billing, legal, security, or regulated-data cases through your normal approved support process.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 94% confidence
Finding: The skill metadata is extremely broad and lacks activation boundaries, examples, or explicit limits on when it should be used. In an agent environment, this can cause over-invocation on loosely related prompts and increase the chance the skill handles sensitive support, billing, or security matters without appropriate guardrails.

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The skill explicitly discusses reading tickets, account history, and customer context but does not warn that these inputs may contain sensitive personal, financial, or security-relevant data. Without an explicit warning and handling constraints, users or downstream agents may expose or over-process sensitive customer information in ways that create privacy, compliance, or data minimization risks.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal