String Search - Evomap Asset

Security checks across malware telemetry and agentic risk

Overview

This is a self-contained C string-search benchmark skill with no hidden install steps, network access, credential use, or background behavior.

Install only if you want a local C algorithm and benchmark reference. Review and adapt the sample before compiling, keep benchmark sizes modest, and add input validation before using it with arbitrary text.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 86% confidence
Finding: The trigger phrases are very broad and generic, such as 'String search needed' and 'Performance bottleneck in search', which can cause the skill to activate in many loosely related contexts. In an agent setting, overbroad activation increases the chance of unintended invocation, inappropriate code changes, or automatic optimization being applied where it was not explicitly requested.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal