Back to skill

Security audit

Estimate Builder

Security checks across malware telemetry and agentic risk

Overview

This skill is a local construction estimate helper with proportionate file access for exporting spreadsheets.

Install if you want a construction estimating assistant and trust the publisher. Because it can write spreadsheet files, choose export paths deliberately and avoid overwriting important files; specify a non-USD currency when needed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Natural-Language Policy Violations

Low
Confidence
83% confidence
Finding
The instruction "Use USD unless user specifies otherwise" imposes a locale/currency default on all users. Under the policy, language or locale constraints should be user-selected or clearly justified; this file does not provide a justification for defaulting to USD.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.