Security audit

Ai Chatbot Prompt Builder

Security checks across malware telemetry and agentic risk

Overview

This is a prompt-engineering guide with no executable behavior, but users should review outputs and scrub sensitive source data before using it in production.

Install only if you want an instruction-only prompt-engineering reference. Treat generated prompts, personas, guardrails, and training examples as drafts: review them with a qualified human before production use, especially in legal, medical, financial, HR, mental-health, or customer-support contexts. Do not paste raw support tickets, customer records, secrets, or regulated data into prompts or datasets unless they have been redacted and approved.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings
Severity: Medium
Confidence: 92%
Finding:
The README markets generation of system prompts, guardrails, and training data for deployment across general and regulated domains, but it does not warn users that outputs may be unsafe, inaccurate, or unsuitable without human review. This creates a real risk that users will deploy high-impact prompt content directly into customer-facing bots, leading to policy bypasses, unsafe responses, or compliance issues in areas like legal or medical use.

Missing User Warnings
Severity: Medium
Confidence: 92%
Finding:
The skill explicitly encourages using existing FAQs, help docs, or support tickets as source material for training data, but provides no guidance on removing personally identifiable information, secrets, regulated data, or confidential business content first. In practice, support tickets often contain names, emails, account details, billing information, or sensitive case narratives, so this omission can lead to privacy leakage into fine-tuning datasets or RAG indexes.

VirusTotal

63/63 vendors flagged this skill as clean.

Static analysis

Detected: suspicious.prompt_injection_instructions

Prompt-injection style instruction pattern detected (severity: Warn, code: suspicious.prompt_injection_instructions) at the following locations:
  • examples/nightguard-security-complete.md:93
  • prompts/03-guardrails-edge-cases.md:56
  • README.md:56
  • SKILL.md:132