Back to skill

Security audit

Voc Analysis

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward customer-feedback analysis workflow with disclosed report output and no hidden or unsafe behavior found.

Before installing, consider whether the feedback you provide contains confidential customer, employee, or regulated data. Use the conversation-only output mode for sensitive analyses, or store generated Markdown/HTML reports only in approved locations.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
82% confidence
Finding
The skill states that VOC applies to virtually any scenario involving user or customer feedback, but it does not define concrete activation boundaries or when the workflow should not be used. This can cause the agent to over-apply the skill in unsuitable contexts, leading to inappropriate collection, classification, or report generation from sensitive or low-quality inputs.

Missing User Warnings

Low
Confidence
74% confidence
Finding
The skill announces generation of Markdown and HTML report files but does not clearly warn the user that persistent artifacts will be created. In environments where file creation is automated, this may surprise users, expose sensitive feedback in stored outputs, or create unnecessary files containing complaint or quality data.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.