Back to skill

Security audit

APQP技能助手

Security checks across malware telemetry and agentic risk

Overview

This APQP assistant is a coherent manufacturing-quality documentation skill with disclosed, user-directed local file generation and no evidence of hidden network, credential, persistence, or destructive behavior.

Install this if you need APQP manufacturing-quality planning help. Use it in a dedicated project folder, review generated FMEA/PPAP/control-plan documents with qualified team members, and avoid giving it unrelated project files unless you intend them to be used for APQP outputs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Lp3

Medium
Category
MCP Least Privilege
Confidence
86% confidence
Finding
The skill instructs the agent to read reference files and write multiple generated outputs, but no permissions are declared to bound or disclose those capabilities. This creates a mismatch between documented behavior and security controls, increasing the risk of unauthorized file access or writes if the runtime infers capabilities implicitly.

Vague Triggers

Medium
Confidence
74% confidence
Finding
The broad trigger phrase 'or need project progress tracking' can cause the skill to activate in unrelated project-management conversations. Overbroad activation increases the chance that file-reading, document-generation, or workflow instructions are applied in the wrong context, which can expose data or cause unintended actions.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.