Sensors Analytics Doc Gen

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent document-generation helper for converting Sensors Analytics manuals into Feishu documents, with no hidden code or destructive behavior found.

Install this if you are comfortable letting the agent fetch Sensors Analytics manual pages and create Feishu documents in your workspace. Use official manual.sensorsdata.cn links, review the generated document before sharing, and check Feishu permissions on any created document.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 92% confidence
Finding: The trigger phrases are broad enough to match ordinary requests about creating manuals or generating documentation, which can cause the skill to activate outside its intended Sensors Analytics scope. That increases the chance of unintended tool use such as fetching external content or creating Feishu documents for unrelated prompts, leading to confusing behavior and possible data-handling risks.

Natural-Language Policy Violations

Medium

Confidence: 84% confidence
Finding: The skill metadata and behavior assume Chinese output without checking the user's language preference. While not a classic security flaw, this can degrade user understanding of confirmations, prompts, and generated content, which in turn may cause users to approve actions or documents they do not fully understand.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal