Back to skill

Security audit

Bid Proposal

Security checks across malware telemetry and agentic risk

Overview

This is a coherent bid-proposal writing skill that uses local documents and security-service reference material for its stated purpose, though users should confirm sensitive uploads and treat the security-testing language as proposal text only.

Install only if you intend to use it for bid/proposal drafting with security-service material. Confirm before letting it process .docx uploads, avoid importing unrelated or confidential files into the material library, and review generated penetration-testing or incident-response language so it clearly requires written authorization, approved scope, change control, rollback planning, and business-impact review.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (8)

Lp3

Medium
Category
MCP Least Privilege
Confidence
95% confidence
Finding
The skill instructs the agent to read uploaded files, scan local directories, write JSON state into `bids/`, import arbitrary files into `material-lib/`, and invoke shell/Python scripts, yet no explicit permissions are declared. That mismatch creates hidden capability expansion: a user or attacker can trigger filesystem and command execution behavior that is not transparently bounded by the manifest, increasing the risk of unintended file access, overwrite, or script abuse.

Description-Behavior Mismatch

Medium
Confidence
86% confidence
Finding
This template goes beyond passive bid-writing material and embeds operational security execution content, including monitoring, response, blocking, and deployment-oriented workflows. In an agent skill intended for proposal drafting, such embedded guidance can be repurposed to generate actionable security operations instructions that exceed the skill’s stated purpose and increase misuse risk.

Context-Inappropriate Capability

High
Confidence
95% confidence
Finding
This section contains unusually detailed offensive and dual-use content for a bid-writing skill, including penetration workflow, privilege escalation, lateral movement, attack methods, evasion references, and exploitation-oriented testing detail. Even if framed as legitimate security services, exposing this level of procedural content through a writing assistant materially lowers the barrier to generating harmful attack guidance.

Context-Inappropriate Capability

Medium
Confidence
88% confidence
Finding
The template describes active blocking, isolation, and shutdown-style response actions that can affect live systems, but these are presented as reusable execution content inside a proposal-writing asset. In skill context, this can lead the agent to produce operationally risky instructions or normalize disruptive actions without sufficient authorization, safeguards, or environment validation.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The trigger phrase `写投标方案` is broad enough to match ordinary conversation and can cause the skill to activate when the user did not intend to invoke it. Because this skill performs file access, state restoration, and document-generation workflows, accidental activation can expose local project data or start modifying files without sufficiently explicit user consent.

Vague Triggers

Medium
Confidence
94% confidence
Finding
Automatically triggering on any uploaded `.docx` in chat is insufficiently scoped and may process unrelated documents without clear intent. In this skill, auto-processing a document can lead to file reads, requirement parsing, local state changes, and later output generation, so an unrelated upload could unintentionally disclose contents or kick off sensitive workflows.

Missing User Warnings

Medium
Confidence
77% confidence
Finding
The material describes high-impact security testing and states that system control may be obtained, but the warning model is weak and buried inside procedural prose rather than prominently presented as an up-front user-facing safety notice. In a skill setting, this increases the chance that risky testing language is reproduced without clear caveats about service disruption, data loss, authorization, and containment requirements.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
Real-time blocking, shutdown, and isolation actions are described without a strong, immediately visible warning about potential business interruption and recovery implications. Because the file is used by a content-generating skill, this omission can cause the agent to surface disruptive response steps as routine deliverables without emphasizing prerequisite approvals and operational risk.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.