CorpusGraph: Document ETL and entity relationship engine for AI agents

Security checks across malware telemetry and agentic risk

Overview

CorpusGraph is a disclosed document-processing integration that uses Ingestigate credentials and APIs to ingest, search, extract entities, and graph relationships from user documents.

Install only if you are comfortable sending the selected documents to Ingestigate for ETL, indexing, entity extraction, and graph analysis. Configure credentials only in secure skill settings, avoid sensitive or regulated corpora unless your organization has approved the provider terms, and treat the remote guide as API documentation rather than permission for actions the user did not request.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence: 84%
Finding
The skill explicitly promotes uploading and processing user documents with an external third-party service, but it does not instruct the agent to obtain user consent or clearly disclose that document contents may leave the host environment. This creates a real privacy and data-handling risk, especially for sensitive corpora, because users may not realize their files are being transferred off-platform for ETL and entity extraction.

VirusTotal

65/65 vendors flagged this skill as clean.
