Back to skill

Security audit

Cross-Pollination Engine

Security checks across malware telemetry and agentic risk

Overview

This appears to be a documentation-only creative problem-solving skill with minor invocation and privacy caveats, not a system-access or data-access risk.

Safe to install for brainstorming use. Treat its examples as idea prompts, not compliance advice, and apply privacy, consent, and secure-channel requirements when ideas involve children, healthcare, education, or other sensitive contexts.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
90% confidence
Finding
The skill description contains several broad, conversational trigger phrases such as 'think outside the box', 'different industry', and 'what can we learn from' that may appear in many normal user requests. This can cause unintended invocation of the skill, leading the agent to apply this workflow when the user did not explicitly want it, which may distort responses or override better-matched skills.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The example recommends proactive photo/text updates and direct caregiver communication about a child without mentioning consent, authorized recipients, data minimization, or secure messaging. In a childcare context, this can normalize sharing sensitive child information through informal channels, increasing the risk of privacy violations, disclosure to unauthorized parties, and noncompliance with child-data protection requirements.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.