Back to skill

Security audit

Data Source Audit

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed construction data-audit helper that uses user-provided data and optional local report exports without hidden or destructive behavior.

Install this only for approved construction data-source audit work. Provide specific files or datasets, avoid including secrets or credentials in survey responses, and review exported Excel/CSV/JSON reports before sharing because they may contain sensitive system inventory and business-process details.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence
92% confidence
Finding
The instructions define the skill in very broad terms ('construction data processing and analytics' and 'comprehensive audit of all construction data sources and systems') without clear activation boundaries or explicit trigger conditions. This can cause the agent to invoke the skill for loosely related requests, increasing the chance of over-collection of sensitive project data, unintended file handling, or misuse of downstream functionality referenced in SKILL.md.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.