industry-news-collector

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed public-news research helper and does not ask for credentials, local data access, code execution, persistence, or account changes.

Install this if you want a Chinese-language workflow for gathering and ranking public industry news. Expect multiple web searches and page fetches per request, and verify important summaries against original sources because public news pages can be incomplete, paywalled, or inaccurate.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Natural-Language Policy Violations

Medium

Confidence: 95% confidence
Finding: The skill metadata explicitly states that the output should be in Chinese regardless of the user's preference. This can override user intent and system-level localization expectations, creating a policy/compliance issue and enabling confusing or inaccessible responses for users who require another language.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal