Cloud Tag Enforcer

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed cloud tagging audit/remediation guide, but users should review any generated tag-change scripts before running them.

Before installing or using this skill, confirm the active cloud account, project, or subscription and prefer read-only credentials for discovery. Treat generated remediation scripts as production-impacting change plans: replace placeholder values, narrow the resource scope, review with resource owners, and run through normal approval or change-window processes before applying tags.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The skill explicitly generates executable bulk remediation scripts that modify live cloud resources across AWS and GCP, including placeholder tag application at scale. Although it says to review before running, the warning is minimal and the surrounding guidance operationalizes mass changes, which can cause governance errors, overwrite intended workflows, break automation that depends on tags, or create broad unintended production changes if an agent executes the commands automatically.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal