Back to skill

Security audit

Review Business Requirement Document Skill

Security checks across malware telemetry and agentic risk

Overview

The skill is a coherent local BRD review helper that reads a user-supplied Word document and writes review outputs, with no hidden network, credential, persistence, or destructive behavior found.

Install and use this only for BRDs you are comfortable processing locally. Run the bundled Python script from the intended skill directory, consider a virtual environment for dependencies, choose an output folder deliberately for confidential documents, and delete or protect the `.review.json` if it contains sensitive BRD text.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Low
Confidence
87% confidence
Finding
The workflow directs the agent to create output files in the same folder as the source BRD by default, but it does not explicitly warn the user that files will be created there. This is a genuine safety/usability issue because it can surprise users, overwrite expectations about a clean working directory, or place derived documents in sensitive locations.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.