Report Summary Builder

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed report summarizer that reads daily work reports and saves weekly or monthly summaries in fixed report folders.

Install only if /data/reports/daily/ is the intended source for daily reports, review generated summaries before sharing them, and enable the optional Cron commands only if you want scheduled automatic report creation.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 83% confidence
Finding: The trigger phrases are broad enough to match normal conversational requests, which can cause the skill to activate unexpectedly. Because the skill reads from `/data/reports/daily/` and writes output files automatically, unintended invocation could lead to unauthorized file access or modification relative to the user's expectation.

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The skill explicitly saves Markdown files but does not require prior user awareness or confirmation that persistent files will be created or overwritten. In an agent environment, silent writes are dangerous because they can change user data or create artifacts the user did not intend, especially when combined with broad auto-invocation rules.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal