Back to skill

Security audit

Proposal

Security checks across malware telemetry and agentic risk

Overview

This is a proposal-writing helper with only markdown/JSON instructions and no code, credentials, persistence, or hidden access.

Safe to install as a proposal drafting aid. Still review generated pricing, legal terms, commitments, and client-facing claims before sending, especially for regulated, high-value, or contract-sensitive deals.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
91% confidence
Finding
The trigger phrase at line 31 is broad enough to match common business requests that may not specifically seek this skill, increasing the chance of unintended invocation. Over-broad activation can cause the agent to steer users into proposal-generation workflows when they wanted general advice, creating prompt-routing confusion and possible context leakage across skills.

Vague Triggers

Medium
Confidence
95% confidence
Finding
The trigger set is loosely scoped and includes ambiguous business phrases, which raises the risk that ordinary conversations about pricing, scope, or client work will activate the skill unexpectedly. In an agent environment, this can misroute user requests, override more appropriate skills, and increase the chance of unnecessary exposure of conversation context to a skill not explicitly intended by the user.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.