Sensors Analytics Doc Gen

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only helper for turning Sensors Analytics manual links into Feishu documentation, with no hidden code or local persistence found.

Install this only if you want the agent to fetch Sensors Analytics manual pages and create Feishu docs. Use official manual.sensorsdata.cn links, avoid private or sensitive URLs, and review the generated Feishu document and sharing permissions before distributing it.

SkillSpector

By NVIDIA

Vulnerability Patterns

Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (2)

Context-Inappropriate Capability

Medium

Confidence: 90% confidence
Finding: The FAQ explicitly allows handling modules outside the declared supported Sensors Analytics scope by 'taking the job first' and adapting later. This weakens scope control and can cause the skill to process arbitrary external content or user requests that were not constrained, reviewed, or covered by the documented workflow, increasing the chance of misuse, bad fetch targets, and policy bypass.

Vague Triggers

Medium

Confidence: 79% confidence
Finding: The trigger phrases include broad everyday terms like '创建手册' and '文档生成', which are not specific to Sensors Analytics. Overbroad activation can cause accidental invocation in unrelated conversations, leading the agent to fetch URLs, prompt for document generation, or create Feishu docs when the user did not intend to use this skill.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal