Incident Commander

Security checks across malware telemetry and agentic risk

Overview

This skill is a non-executable incident-response guide, with only a minor risk that broad example wording could activate it when the user did not intend that workflow.

Install if you want structured incident-response assistance. Use explicit phrasing when invoking it, and treat generated stakeholder updates or timelines as drafts that a human incident lead should review before posting.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 92% confidence
Finding: The example trigger phrase "We have a production incident — help me manage it" is broad natural language that could plausibly appear in normal conversation, causing the skill to activate unintentionally in contexts where the user did not explicitly want this incident-response workflow. In an operational setting, accidental invocation can derail the assistant into structured incident-command behavior, create confusion during urgent situations, and interfere with higher-priority or more context-appropriate instructions.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal