Back to skill

Security audit

bidding-analyzer

Security checks across malware telemetry and agentic risk

Overview

This is a prompt-only bidding analysis skill whose sensitive inputs are relevant to its purpose, but users should be careful about what business and competitor information they provide.

Install only if you are comfortable using it for bid preparation. Provide excerpts or pre-filtered RAG snippets where possible, redact personal data, secrets, proprietary pricing, customer-confidential material, and trade secrets, and have a responsible bid owner review any scoring, win-probability, risk, or strategy output before relying on it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The README explicitly instructs users to upload tender documents and company knowledge bases, which commonly contain confidential procurement details, pricing, internal capabilities, and regulated business information, but provides no warning about data sensitivity, minimization, or handling controls. In a skill designed for bid analysis, this omission materially increases the likelihood of unnecessary disclosure of sensitive commercial data to the system or downstream components.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The README encourages providing competitor knowledge bases and industry reports for comparative analysis without any caution about lawful collection, licensing, confidentiality, or third-party sensitive data. In the procurement context, this can prompt users to submit non-public competitor materials or improperly obtained intelligence, creating legal, confidentiality, and misuse risks.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal

Static analysis

No suspicious patterns detected.