ESG Sustainability Analyzer

Security checks across malware telemetry and agentic risk

Overview

This is a plain ESG analysis guide with no executable code or hidden behavior, though users should be careful with sensitive company data.

Use this skill only with ESG data you are authorized to process. Prefer public filings or redacted documents, avoid unnecessary personal or confidential business data, and independently verify regulatory conclusions because reporting frameworks and climate disclosure rules change over time.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence: 89%
Finding
The skill explicitly instructs collection and analysis of company disclosures, uploaded documents, and URLs, which commonly contain confidential business information, employee data, and regulated disclosures. Omitting a clear warning about sensitive data handling increases the chance users will provide proprietary or personal data without understanding privacy, retention, or sharing risks.

VirusTotal

63/63 vendors flagged this skill as clean.