Crisis Communication

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only crisis communication drafting skill with minor generic business-advisory language but no code, persistence, credential access, or hidden behavior.

Reasonable to install for drafting crisis statements and media responses. Avoid sharing unnecessary confidential crisis details, customer data, legal exposure, or unreleased company information, and have outputs reviewed by appropriate PR, legal, or leadership stakeholders before use.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Description-Behavior Mismatch

Medium

Confidence: 94% confidence
Finding: The skill manifest promises a narrowly scoped crisis-communication function, but the body expands into generic business operations, process automation, strategic decision support, and performance optimization. This scope drift can mislead routing, approval, and user trust boundaries, causing the skill to be invoked for broader tasks than reviewers or operators intended.

VirusTotal

57/57 vendors flagged this skill as clean.

View on VirusTotal