Back to skill

Security audit

IATF16949质量管理体系策划

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only quality-management planning skill with no evident executable, network, credential, persistence, or destructive behavior.

Use this as planning and drafting support, not as a substitute for qualified auditors, legal/regulatory review, customer-specific requirements, or an accredited certification body. Review generated templates carefully before adopting them in an actual quality system.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence
83% confidence
Finding
The trigger conditions are broad ('体系建设需求 | 认证准备 | 过程优化 | 审核策划 | 标准差距分析') and do not define clear boundaries for when the skill should or should not activate. This can cause unintended invocation, overbroad assistance, or the skill being selected for adjacent tasks it was not designed to handle, increasing the chance of misleading guidance in compliance-sensitive workflows.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.