Back to skill

Security audit

Data Analysis Reporting

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only data analysis skill with clear safety boundaries; the main issue is unmasked mock PII in a test prompt.

Reasonable to install as an instruction-only analysis helper. Avoid pasting real PII, secrets, or sensitive production data unless you are comfortable putting it in the chat. The publisher should replace the unmasked SSN-style test values with clearly synthetic or redacted placeholders and fix the unrelated crypto/purchase metadata tags.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The file includes realistic-looking PII fields, including SSNs, directly in test content without prior sanitization or a prominent warning. Even though this is test data, embedding sensitive-pattern examples in reusable references can normalize unsafe handling, increase accidental disclosure risk in logs or outputs, and expose downstream systems or reviewers to unnecessary sensitive data processing.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.