Back to skill

Security audit

Ppe

Security checks across malware telemetry and agentic risk

Overview

This appears to be a straightforward PPE inventory helper with local add, remove, and export actions that fit its stated purpose, though users should be careful with deletion and exported files.

Install if you want an agent to help manage PPE inventory records. Before using it, make sure remove actions are intentional, know where exports are written, and avoid exporting sensitive workplace data to shared or synced folders unless that is intended.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
86% confidence
Finding
The skill description and trigger phrasing are broad enough that an agent could invoke this skill for loosely related requests involving JSON, CSV, or status checking without clearly limiting the scope to PPE tracking. Over-broad invocation criteria increase the chance of unintended tool use, which matters here because the skill exposes state-changing and file-writing commands such as remove and export.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The markdown documents destructive and data-egress capabilities like remove and export without warning that they delete records or write data to disk. In an agent setting, lack of explicit warnings and confirmation guidance can lead to accidental deletion, unintended file creation, or silent export of potentially sensitive operational data.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.