Back to skill

Security audit

Case

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only legal case guidance skill with high-stakes subject matter, but no code, install scripts, account access, or hidden behavior.

Use this as an educational checklist and question-generation aid, not as legal advice or your only deadline tracker. Verify all deadlines, jurisdiction-specific rules, and filing requirements with official court notices, court rules, and a licensed attorney before acting, and avoid entering privileged or highly sensitive case details unless you are comfortable with the agent environment handling them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
91% confidence
Finding
The skill is framed for 'anyone navigating a legal case,' which is an unusually broad activation scope for a high-stakes domain. In legal contexts, broad applicability increases the chance the skill is invoked for matters requiring jurisdiction-specific advice, urgent deadlines, or criminal/family cases where generic guidance can mislead users into relying on incomplete or inapplicable information.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill states it 'maintains a complete calendar for your case,' implying collection and ongoing handling of highly sensitive legal, personal, and procedural data without any accompanying privacy, minimization, retention, or security guidance. Legal case calendars can reveal case type, parties, court dates, attorney relationships, and strategy milestones, so mishandling this data could expose privileged or highly sensitive information and materially harm the user’s case.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.