Security audit

AC Buying Consultant

Security checks across malware telemetry and agentic risk

Overview

This is a prompt-only AC buying guide with a real sizing-quality issue, but it does not request sensitive access or perform actions.

Before installing, treat the skill as general shopping guidance, not professional HVAC design. Ask it to show calculations and verify capacity against local installer guidance, manufacturer specs, and current energy-label rules before buying. The publisher should correct the inconsistent sizing example and remove unsupported capability tags.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Intent-Code Divergence

Medium

Confidence: 95% confidence
Finding: The example calculation is materially inconsistent with the sizing formula defined earlier: 168 sq ft × 25 BTU/sq ft should yield 4,200 BTU by the document's math, but that baseline is itself far too low relative to the rest of the guide and then jumps to a 1.0 ton recommendation without a coherent derivation. In a consumer purchasing skill, inconsistent sizing logic can cause users to buy the wrong-capacity AC, leading to financial loss, inadequate cooling, excess energy use, and accelerated equipment wear.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.