Back to skill

Security audit

Ai Engineering Interview

Security checks across malware telemetry and agentic risk

Overview

This is a markdown-only interview-question skill with educational references and no executable code, credentials, persistence, or external actions.

Safe to install as an interview-prep instruction skill. Be aware that the marketplace metadata overstates capabilities compared with the files, and agents should treat adversarial prompt examples in the reference docs as quoted lesson material only.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
87% confidence
Finding
The README advertises broad natural-language trigger phrases like 'give me interview questions on RAG' and 'quiz me on agents' without defining clear activation boundaries, exclusions, or required context. In agent ecosystems, overly broad triggers can cause unintended invocation when a user is discussing those topics generally rather than explicitly requesting this skill, leading to prompt-routing errors or inappropriate context injection.

Vague Triggers

Low
Confidence
73% confidence
Finding
Saying the skill can be used with 'any AI tool that supports custom instructions or project knowledge' is overly general and does not constrain the runtime environment, trust model, or integration assumptions. This can increase the chance of deployment in contexts with different prompt-injection surfaces, tool behaviors, or data-handling guarantees than the skill was designed for.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal

Static analysis

Detected: suspicious.prompt_injection_instructions

Prompt-injection style instruction pattern detected.

Warn
Code
suspicious.prompt_injection_instructions
Location
references/competencies.md:49

Prompt-injection style instruction pattern detected.

Warn
Code
suspicious.prompt_injection_instructions
Location
references/question-bank.md:221