CSP Policy Generator

Security checks across malware telemetry and agentic risk

Overview

This skill is an instruction-only helper for building CSP headers, with disclosed network fetch examples that fit its security-analysis purpose.

Install only if you want an agent to help inspect web pages and draft CSP headers. Use it on sites you own or are authorized to test, review any fetched host before running commands, and deploy generated policies in report-only mode before enforcement.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

External Script Fetching

High
Category: Supply Chain
Content:
```bash
# Fetch the page and extract all resource URLs
curl -sL "https://$HOST" | python3 -c "
import sys, re
from urllib.parse import urlparse
html = sys.stdin.read()
```
Confidence: 94%
Finding: `curl -sL "https://$HOST" | python`

VirusTotal

64/64 vendors flagged this skill as clean.
