Back to skill

Security audit

ESG报告技能

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed local ESG report workflow that processes user-provided data and generates validation, chart, PDF, or HTML outputs without hidden network, credential, or persistence behavior.

Install only if you want a local ESG reporting helper. Review company data before using it, verify generated ESG claims before publication, and install the listed Python dependencies from trusted package sources.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence
83% confidence
Finding
The trigger conditions are broad enough that the skill could activate for loosely related requests about ESG, reporting, or sustainability analysis without sufficient scoping. In an agent environment, over-broad activation can cause the system to invoke file-processing and report-generation workflows in unintended contexts, increasing the chance of unnecessary data access, incorrect automation, or user confusion.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.