Back to skill

Security audit

Npi Quality Gate

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed, chat-only NPI quality gate advisor with no install scripts or data access; its main caveat is broad activation on common stage terms.

This skill is reasonable to install for conversational NPI gate readiness reviews. Users should keep final release/signature decisions with responsible owners, share only the excerpts needed for the current stage, and clarify when EVT/DVT/PVT terms are being discussed outside a gate-review context.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence
82% confidence
Finding
The trigger list is broad enough that common mentions of NPI-related terms like EVT, DVT, PVT, or generic '放行' discussions could activate the skill outside a clearly scoped gate-review context. This can cause unintended routing and over-application of the skill's advice, which may confuse users or displace a more appropriate workflow, though the skill's explicit boundaries and lack of execution capability limit the security severity.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.