Qsr Daily Ops Monitor

Security checks across malware telemetry and agentic risk

Overview

This is a coherent restaurant operations checklist skill, with the main consideration being that it stores ongoing check history with employee/respondent details.

Before installing, decide who may respond to checks and receive weekly summaries, tell staff what will be logged, minimize personal notes where possible, and set your own retention/deletion practice for stored check history. Disable the scheduled checks when the workflow is no longer needed.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The skill explicitly instructs the agent to store completed checks in memory with respondent names/roles and free-form operational notes, but it does not clearly warn users about ongoing retention, scope, duration, or who can later access that data. Because this data is collected continuously and can include employee-identifying information and sensitive operational details, unnoticed retention increases privacy, employment, and business confidentiality risk.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal