企业-高管战略意图分析

Security checks across malware telemetry and agentic risk

Overview

This is a single-file skill for researching public executive statements and generating visit talking points, with no code, credential handling, persistence, or hidden install behavior.

Install only if you are comfortable with the agent doing web research about executives and producing persuasive business-development talking points. Ask it to cite every factual claim, avoid private or unverifiable sources, and label any inference clearly instead of presenting it as confirmed intelligence.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Intent-Code Divergence

Medium

Confidence: 96% confidence
Finding: The skill promises analysis based on recent public statements with sourced references, but the example output introduces an unsupported inference from an 'internal letter' and presents it as part of the analysis. This encourages fabrication or use of non-public information, which can mislead users into acting on unverifiable intelligence and creates pressure for the model to invent evidence when public data is sparse.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal