Eu Ai Compliance

Security checks across malware telemetry and agentic risk

Overview

This is a markdown-only EU AI Act compliance helper that clearly points users to SputnikX web/API services, including disclosed paid endpoints, without hidden code or local access.

Install only if you are comfortable using the listed SputnikX compliance service. Confirm the exact endpoint, data being sent, and any x402 USDC charge before calling paid report endpoints, and avoid submitting sensitive internal AI-system details unless the provider's terms meet your privacy and compliance needs.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 89% confidence
Finding: The skill's invocation guidance is broad enough that it may be selected for generic compliance or audit-related prompts, causing unnecessary routing to a third-party compliance service. This increases the chance that users send sensitive business, model, or regulatory information to an external endpoint when they only asked for general advice, creating privacy, data-governance, and overreach risks.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal