Sec Audit Cn

Security checks across malware telemetry and agentic risk

Overview

This is a security-audit guidance skill with broad activation keywords, but no evidence of hidden execution, persistence, data theft, or destructive behavior.

Install this if you want a security-review assistant for code and configuration work. Be aware that its activation keywords are broad, so it may appear in some general security conversations; use it deliberately and avoid pasting real secrets unless you intentionally want them reviewed in your local agent context.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 92% confidence
Finding: The trigger list contains broad security-related terms that can cause the skill to activate in contexts the user did not explicitly intend. In a security-audit skill, over-triggering is risky because it may inject region-specific or security-review behavior into unrelated conversations, creating prompt-routing confusion and increasing exposure to adversarial prompt abuse.

Vague Triggers

Low

Confidence: 84% confidence
Finding: Additional trigger terms are also broad and ambiguous, which increases the chance of unintended invocation. While this is less severe than direct code execution, misrouting to a security-specialist skill can alter system behavior, produce irrelevant output, or widen the attack surface for prompt-injection attempts.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal