Implementation Gap Filler (落地鸿沟补全器)

Security checks across malware telemetry and agentic risk

Overview

This instruction-only skill is coherent with its stated purpose, but it will create persistent workspace documents that users should review.

Before using it, confirm the target agent workspace and review planned file paths and generated content, especially anything under memory or skills directories. Do not include secrets or private data in saved handoff documents unless you intentionally want future agent sessions to use them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence: 94%
Finding
The skill explicitly directs the agent to write documents into a target agent workspace, but it does not require user confirmation, preview, or clear warning before modifying files. In an agentic environment, this can cause unauthorized or unexpected persistence, overwrite existing project artifacts, and blur boundaries between planning assistance and state-changing actions.

VirusTotal

66/66 vendors flagged this skill as clean.
