Back to skill

Security audit

ISO9001质量管理体系文件生成

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed ISO9001 document generator that stores business profile details locally for reuse, so it is coherent but needs privacy awareness.

Before installing, be aware that the skill stores company name, scope, organization structure, responsibilities, and business process details in enterprise-info.json in the workspace. Remove that file when no longer needed or when switching organizations, and review generated documents before using them operationally.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Intent-Code Divergence

Medium
Confidence
99% confidence
Finding
The script calls main() twice in the __main__ block, so a single invocation performs the full document-generation workflow two times. This can overwrite the same output file twice, duplicate side effects, and cause unexpected behavior or denial of service when processing large inputs or expensive document operations.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill instructs persistent storage of enterprise information in './enterprise-info.json' inside the workspace without an explicit privacy notice, retention limit, consent flow, or handling guidance for potentially sensitive business data. This creates a real confidentiality risk because later users or later sessions may inherit access to prior organization details, including structure, responsibilities, and business processes.

Ssd 3

Medium
Confidence
96% confidence
Finding
The skill explicitly persists all enterprise information and reuses it in future interactions, which can expose prior users' business details to later sessions without fresh sensitivity checks or audience validation. In the context of enterprise QMS generation, the archived data may include organizational structure, responsibilities, process maps, and operational details that are commercially sensitive even if not obviously personal data.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.