Back to skill

Security audit

External Audit Response

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed audit-preparation assistant that creates local checklist documents and does not show hidden, destructive, or data-exfiltrating behavior.

Installers should expect this skill to generate local TXT and MD audit-preparation files. Use it in a dedicated folder if the contents may be sensitive, and check for existing same-date filenames before generating reports.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Low
Confidence
92% confidence
Finding
The skill explicitly states it will write multiple TXT/MD files into the user's working directory, but it does not warn about local file creation, possible overwrites, or require confirmation before doing so. This creates a real but low-severity safety issue because unexpected filesystem writes can overwrite user files or leave sensitive audit-preparation artifacts on disk without clear user consent.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.