Back to skill

Security audit

Change Management Ecn Dcn

Security checks across malware telemetry and agentic risk

Overview

This skill is a document-generation workflow for ECN/DCN change records, with no evidence of hidden data access, destructive behavior, or credential use.

Before installing, treat this as a workflow aid for drafting controlled ECN/DCN records, not a replacement for your official approval or document-control system. Confirm where generated TXT/Markdown files will be written, and avoid overwriting existing controlled records unless that is intentional.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Low
Confidence
89% confidence
Finding
The skill explicitly states that it will generate TXT and Markdown outputs in the user's current working directory, with an optional output directory, but it does not warn about file creation, possible overwrite behavior, or the exact paths that will be written. This can lead to unintended file placement or accidental overwriting of existing records, especially in shared or sensitive working directories.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.