Back to skill

Security audit

Lesson Learned

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward lesson-learned documentation helper, with the main caution that its generated files may contain internal project or personnel details.

Use this skill for internal lesson-learned records, but redact unnecessary names, supplier details, incident specifics, or confidential project information before generating or sharing the .md and .txt outputs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Low
Confidence
90% confidence
Finding
The skill explicitly captures project background, time, location, involved personnel, root causes, responsibilities, and status, then generates persistent .md and .txt files, but it does not warn users that these outputs may contain sensitive operational or personal data. This creates a real privacy and confidentiality risk because users may unknowingly store or share lesson-learned records containing employee identifiers, internal quality issues, supplier information, or incident details in broadly accessible locations.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.