Supply Chain & Logistics Intelligencel

Security checks across malware telemetry and agentic risk

Overview

This is a non-executable supply-chain research skill that points agents to logistics data sources and does not request sensitive access or persistence.

This skill appears safe to install for logistics research. Users should be aware that it may activate on broad business queries and that some listed data sources may require separate access or licensing; verify freshness and source permissions before relying on operational recommendations.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 92% confidence
Finding: The trigger list includes broad business phrases such as "inventory management," "customs clearance," and "warehouse location," which can match ordinary enterprise requests outside the intended scope. This can cause unintended skill activation, leading users to receive logistics-specific guidance when they expected a different tool, increasing confusion and potentially exposing unnecessary data retrieval or external-source usage.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal