Agent Security Audit

Security checks across malware telemetry and agentic risk

Overview

This is a mostly coherent security-checklist skill with example defensive scripts, though it includes one unrelated promotional external link users should treat cautiously.

Install only if you want a defensive prompt-injection checklist. Treat all code blocks as examples, require user approval before fetching URLs or writing files, avoid privileged log paths unless necessary, and do not rely on the promotional external link as vetted security guidance.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Context-Inappropriate Capability

Medium
Confidence: 92%
Finding
The skill ends with promotional content for an external service that is unrelated to the checklist’s stated defensive purpose. While not an exploit by itself, embedding marketing links in a security skill expands trust boundaries and can nudge users toward off-platform resources that have not been validated, which is inappropriate in security-sensitive guidance.

VirusTotal

64/64 vendors flagged this skill as clean.