Back to skill

Security audit

8D报告技能

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent 8D quality-report assistant that collects report details and optional contact information, with no evidence of hidden execution, exfiltration, or destructive behavior.

Before installing, treat generated reports as potentially sensitive business documents. Avoid unnecessary personal contact details, use role placeholders where possible, and review any Word report before sharing outside the intended quality-management audience.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
89% confidence
Finding
The trigger examples are broad enough to overlap with common requests like '生成8D报告' or '编写质量问题分析报告', which can cause the skill to activate in situations where the user did not intend this specialized workflow. Because the skill then begins structured collection of operational and personal data, accidental invocation can lead to unnecessary data exposure and workflow confusion.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill explicitly collects and exports personal data such as names, phone numbers, and email addresses into a report, but it does not warn users that sensitive personal information will be processed and written to a downloadable document. In a quality-management setting this increases privacy and compliance risk, especially if the generated Word file is shared broadly or stored insecurely.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.