Grant

Security checks across malware telemetry and agentic risk

Overview

This is a text-only grant-planning skill with no code, credentials, persistence, or privileged access.

Before installing, understand that this skill may activate for broad funding-related questions. Verify eligibility, deadlines, and requirements from official funder sources, and review any generated application text before sharing personal, financial, or business-sensitive information.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 91% confidence
Finding: The trigger description is broad enough to activate on many generic funding or grant-related requests, which can cause the skill to run in situations where the user did not specifically intend grant-application assistance. Over-broad invocation increases the chance of inappropriate context capture, irrelevant guidance, or routing users away from more suitable domain-specific skills, especially in multi-skill agent environments.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal