hk-insurance-news

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only skill for drafting weekly Hong Kong insurance news posts from public sources, with no code, install hooks, credential use, or publishing access.

Reasonable to install for drafting public-news summaries. Review facts, source reliability, image rights, and any remote image links before publishing, and avoid adding automatic posting credentials unless there is a separate explicit approval step.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 89% confidence
Finding: The skill explicitly instructs the agent to collect and embed images from local paths or remote URLs, but provides no warning, consent step, or restrictions around external resource loading. This can cause clients rendering the Markdown to make unintended network requests, leaking reader IP/user-agent or exposing local file references if the environment resolves local paths automatically.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal