Back to skill

Security audit

8D报告评价技能

Security checks across malware telemetry and agentic risk

Overview

This skill locally parses user-provided 8D reports for quality review, with no hidden network use, persistence, credential access, or destructive behavior found.

Install only if you are comfortable having uploaded 8D reports parsed and shown back in the conversation. These reports may contain customer, supplier, defect, or internal process details, so redact sensitive fields first when needed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill instructs the agent to parse uploaded reports from the working directory and present the cleaned full contents back to the user, but it provides no safeguards for sensitive data that 8D reports often contain, such as customer names, supplier details, defect evidence, and internal process data. In this context, full-document extraction and echoing increase the chance of overexposing confidential business or personal information beyond what is necessary for analysis.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.