INSP 公司 HR 知识库

Security checks across malware telemetry and agentic risk

Overview

This HR knowledge skill is not executable, but it exposes internal company information including WiFi access details without visible access controls.

Install only in a controlled internal INSP environment where access is limited to authorized employees. Before broader sharing, remove and rotate the WiFi password and move sensitive HR, finance, and infrastructure details behind an authenticated company system.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Ssd 3

High

Confidence: 99% confidence
Finding: The skill embeds a live internal WiFi SSID and password directly in the markdown, which exposes company access credentials to anyone who can invoke or inspect the skill. Because the skill is designed for broad employee HR queries, the credential can be surfaced in ordinary conversation and potentially leaked beyond intended recipients, enabling unauthorized network access and follow-on compromise.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal