Data Boundary

Security checks across malware telemetry and agentic risk

Overview

This skill locally parses user-selected CSV/JSON files into bounded summaries, and I found no hidden network, credential, persistence, or destructive behavior.

Install this if you want CSV/JSON files parsed through a safer boundary before analysis. Keep the default limits unless you need more detail, and do not use it on sensitive exports unless you are comfortable with file paths, sampled values, schema, and alerts entering the assistant context.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 88% confidence
Finding: Enabling implicit invocation without any explicit trigger constraints can cause the skill to activate in situations broader than intended, including on inputs that merely resemble CSV/JSON analysis requests. Because this skill is specifically designed to process untrusted data, ambiguous auto-activation expands the attack surface and may let adversarial prompts steer the agent into using the tool boundary unexpectedly or in inappropriate contexts.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal