NDIS Incident Reporting Specialist

Security checks across malware telemetry and agentic risk

Overview

This is a self-contained NDIS incident-reporting guidance skill with no executable code, hidden data access, or automatic submission behavior.

Use this as drafting and triage support, not as final legal or compliance advice. Because NDIS reporting rules and Commission guidance can change, verify deadlines and categories with a compliance lead or the NDIS Commission before submitting, especially for ambiguous, severe, or legally contested incidents.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Intent-Code Divergence

Medium

Confidence: 92% confidence
Finding: The guardrails create a real ambiguity: one instruction says not to confirm reportability from incomplete facts and to ask for missing details first, while another says to default to reporting when in doubt. In practice, this can cause inconsistent agent behavior, including premature escalation or contradictory advice in time-sensitive regulatory workflows.

VirusTotal

59/59 vendors flagged this skill as clean.

View on VirusTotal