Information Security Manager Iso27001

Security checks across malware telemetry and agentic risk

Overview

This is a local ISO 27001 compliance helper with no evident hidden network access, credential use, persistence, or destructive behavior.

Install only if you need ISO 27001 governance and report-generation assistance. Treat generated risk registers, gap analyses, and incident materials as sensitive, store them in access-controlled locations, avoid overwriting important files, and verify outputs against real evidence before using them for audits, certification, or healthcare security decisions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence: 83%
Finding
The trigger phrases are broad and include generic terms like 'security risk assessment', 'incident response plan', and 'security compliance audit', which could cause the skill to activate in conversations beyond ISO 27001 healthcare governance. In an agent environment, overbroad invocation can route unrelated security-sensitive tasks into this skill, increasing the chance of inappropriate guidance, scope confusion, or unintended access to context/files associated with other workflows.

VirusTotal

64/64 vendors flagged this skill as clean.
