Case Study Builder

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only case-study writing helper; its main risk is that users may choose to share sensitive client details while using it.

Before installing or using this skill, avoid pasting confidential client names, NDA-covered facts, personal data, or internal metrics unless you are authorized to use them in a case study. Prefer anonymized descriptors and review any generated copy before publishing.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The skill explicitly prompts users to provide client identity, project problems, scope, outcomes, and memorable moments without first warning them not to share confidential, NDA-protected, or personal information. In practice, this can lead users to disclose sensitive commercial details, client names, internal metrics, or restricted project context into the agent workflow, creating confidentiality and data-handling risk.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal