Back to skill

Security audit

User Insight Engine

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only product research skill that is scoped, evidence-gated, and does not run code or request sensitive access.

Reasonable to install for product research synthesis. Treat its outputs as hypotheses to validate, and avoid pasting sensitive customer data unless it is necessary and appropriately redacted.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Autonomous Decision Making

Medium
Category
Excessive Agency
Content
## Red Flags

- Behavioral and survey data presented together without checking for Surface–Behavioral conflicts
- "User research" = interviews only; no behavioral layer
- No Deep Layer evidence ever collected for this behavior
- Interventions designed before a driver has been identified
Confidence
75% confidence
Finding
without checking

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.