Supply Chain Intelligence

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward supply-chain analysis prompt with disclosed business-data and web/data-analysis capabilities, and no executable code or hidden persistence.

Before using this skill with real company data, confirm that supplier, shipment, procurement, and ERP/TMS information can be shared with the agent and any configured external services under your organization's data-handling rules.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The skill explicitly states it integrates with ERP systems, TMS platforms, freight APIs, and public trade databases, which implies potentially sensitive operational, supplier, shipment, and procurement data may be sent to external services. Without a clear privacy and data-sharing warning, users may provide confidential business data without understanding what leaves their environment, increasing the risk of unintended disclosure, compliance issues, and third-party exposure.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal