Back to skill

Security audit

Vague Requirement Unpacker

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent product-management helper that turns vague business requests into structured alignment materials, with only limited, disclosed handoff behavior.

Safe to install for PM requirement unpacking. Avoid pasting confidential business plans or customer data unless you are comfortable using them in generated outputs and in any optional handoff to another PM review skill; redact sensitive details before asking for review simulation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Missing User Warnings

Low
Confidence
90% confidence
Finding
The playbook instructs the agent to hand off L2/L3 outputs to another skill when certain trigger phrases appear, but it does not require explicit user confirmation or warn that previously generated requirement content will be forwarded. This creates a cross-skill data-sharing path that could expose sensitive business context, internal plans, or draft requirements beyond the user's expectation.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.