Back to skill

Security audit

Capa Management

Security checks across malware telemetry and agentic risk

Overview

This skill is a CAPA quality-management report assistant with no evidence of hidden data access, persistence, or destructive behavior.

Installers should expect a Chinese CAPA report-writing assistant that may enforce a fixed workflow and Chinese output. Confirm the desired output directory before generating files, and be aware that referenced helper resources are not included in the inspected artifact.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Natural-Language Policy Violations

Medium
Confidence
95% confidence
Finding
The skill explicitly enforces Chinese-only output ('全中文文档'), which can override user language preferences and reduce accessibility or usability for operators, auditors, or downstream systems expecting another language. While not a code-execution or data-exfiltration issue, it is a genuine policy/usability vulnerability because rigid output-language constraints can cause misunderstandings, failed handoffs, or compliance friction in multilingual environments.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.