Back to skill

Security audit

AC Buying Consultant

Security checks across malware telemetry and agentic risk

Overview

This is a prompt-only AC buying guide with a real sizing-quality issue, but it does not request sensitive access or perform actions.

Before installing, treat the skill as general shopping guidance, not professional HVAC design. Ask it to show calculations and verify capacity against local installer guidance, manufacturer specs, and current energy-label rules before buying. The publisher should correct the inconsistent sizing example and remove unsupported capability tags.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Intent-Code Divergence

Medium
Confidence
95% confidence
Finding
The example calculation is materially inconsistent with the sizing formula defined earlier: 168 sq ft × 25 BTU/sq ft should yield 4,200 BTU by the document's math, but that baseline is itself far too low relative to the rest of the guide and then jumps to a 1.0 ton recommendation without a coherent derivation. In a consumer purchasing skill, inconsistent sizing logic can cause users to buy the wrong-capacity AC, leading to financial loss, inadequate cooling, excess energy use, and accelerated equipment wear.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.