Nm Cartograph Data Flow

Security checks across malware telemetry and agentic risk

Overview

This skill is a documentation helper for creating Mermaid data-flow diagrams and its codebase exploration/rendering steps are disclosed and aligned with that purpose.

Install if you want an assistant workflow for producing data-flow diagrams. Use it with a clear scope, and avoid rendering diagrams through external MCP services when the diagram text would reveal sensitive internal architecture.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 87% confidence
Finding: The trigger phrase is very broad and can activate on generic requests about tracing flows or documenting pipelines, which increases the chance the skill runs in situations the user did not explicitly intend. While the skill itself is documentation-oriented and does not contain obviously dangerous instructions, overbroad activation can cause unnecessary codebase exploration and external tool invocation, expanding exposure of repository structure and data-flow details.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal