Back to skill

Security audit

Data Lineage Tracker

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent data-lineage helper, with normal cautions around filesystem access and sensitive audit exports.

Install if you are comfortable allowing the agent to work with user-selected project data and create lineage exports. Review and store exports carefully because they may reveal internal systems, owners, locations, and data-flow relationships; verify the version mismatch if exact provenance matters.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence
91% confidence
Finding
This is a markdown file, so SQP-2 applies to omissions in the skill description. The document promotes exporting lineage data for audit use, and the implementation includes source locations, owners, entity names, and transformation metadata, but the skill description provides no warning about handling sensitive operational or compliance data.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.