Industry News Agent

Security checks across malware telemetry and agentic risk

Overview

This skill appears to be a disclosed news-digest automation tool, with its scheduled cron use aligned to the stated purpose.

Before enabling the cron job, review the digest prompt and scripts, confirm the network sources and delivery target are what you expect, and only provide API keys needed for sources you actually use. If you do not want background activity, use the skill manually and do not add the scheduled task.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Missing User Warnings

Medium

Confidence: 88% confidence
Finding: The skill tells users to install a daily cron job that will execute unattended, but it does not prominently warn that this creates persistent scheduled execution. Unattended recurring execution increases risk because future script changes, compromised RSS handling, or misconfiguration could repeatedly trigger network activity without the user's active awareness.

VirusTotal

60/60 vendors flagged this skill as clean.

View on VirusTotal