Back to skill

Security audit

Csr Analyzer

Security checks across malware telemetry and agentic risk

Overview

This skill analyzes user-provided automotive quality documents for CSR classification and does not show hidden execution, exfiltration, or destructive behavior.

Before installing, be aware that the skill may activate on some generic document-review prompts with attachments. Use it for automotive quality or IATF 16949 CSR documents, and avoid uploading sensitive unrelated documents unless you explicitly want this skill to inspect them. The report file it creates may contain analysis conclusions in the working directory.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence
92% confidence
Finding
The trigger conditions include generic phrases like “分析这份文档” and “帮我看看这份” when an attachment is present, plus broad automotive/quality context. This can cause the skill to activate for ordinary document-review requests and override a more appropriate skill, leading to misclassification, unnecessary file parsing, and unintended handling of sensitive documents.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.