Back to skill

Security audit

Ipd Consultant

Security checks across malware telemetry and agentic risk

Overview

This is a Markdown-only IPD consulting skill with disclosed conversational guidance and no evidence of hidden execution, data exfiltration, persistence, or destructive behavior.

Before installing, understand that this skill may activate for some general product or cross-department planning questions, but its artifacts show a bounded conversational advisor. Do not paste sensitive full project documents unless needed; the skill itself instructs the agent to use only information relevant to the current IPD node.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence
85% confidence
Finding
The trigger list includes several broad, conversational phrases such as '立项是与否', '能不能进开发', '跨部门协同推不动', and '需求怎么对齐', which could match ordinary business discussions outside the intended IPD context. This can cause accidental skill activation, leading the agent to apply specialized IPD guidance in unrelated situations and potentially confusing users or crowding out a more appropriate skill.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.