Security audit

Tech Manager Office

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-heavy business workflow skill, but it gives the agent broad standing authority to collect sensitive project data and proactively contact third parties, so it needs human review before use.

Install only if you intend to use it as a governed business-process assistant. Disable or gate autonomous daily runs, external outreach, customer replies, project handoffs, and resource matching behind explicit human approval. Before using real projects, add clear privacy notices, consent requirements, retention/deletion rules, role-based access controls, and audit logs for contact details, IP, financial, contract, and customer data.
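
The gating the overview recommends is best enforced outside the model rather than by prompt text. The following Python is an added example, not code from the Tech Manager Office skill or from SkillSpector: a deny-by-default approval gate that refuses scheduler-originated (autonomous) actions, holds outreach, CRM writes and plan changes until a human issues a single-use approval bound to the exact arguments, and appends every decision to an audit log. The tool names, effect categories, origin labels and demo calls are assumptions made for the example.

```python
"""Added example (not the skill's own code): a deny-by-default approval gate
for agent tool calls.  Effects, tool names and origins are hypothetical."""
from dataclasses import dataclass, field
from enum import Enum
from typing import Optional
import hashlib
import json
import secrets


class Effect(Enum):
    READ_INTERNAL = "read_internal"        # view kanban / project archive
    OUTBOUND_MESSAGE = "outbound_message"  # cold outreach, customer replies
    CRM_WRITE = "crm_write"                # project handoff, resource matching
    PLAN_CHANGE = "plan_change"            # task reordering, resource allocation


# Effects the skill may ever exercise; anything else is denied outright.
ALLOWED = {Effect.READ_INTERNAL, Effect.OUTBOUND_MESSAGE,
           Effect.CRM_WRITE, Effect.PLAN_CHANGE}
# Effects that additionally need an explicit human approval per invocation.
REQUIRES_APPROVAL = {Effect.OUTBOUND_MESSAGE, Effect.CRM_WRITE, Effect.PLAN_CHANGE}


@dataclass
class ToolCall:
    tool: str
    effect: Effect
    args: dict
    origin: str                      # "user_request" or "scheduler"
    approval: Optional[str] = None   # token a human reviewer issued for this call


def fingerprint(call: ToolCall) -> str:
    """Canonical hash of what will actually execute, so an approval cannot be
    replayed with different recipients, amounts or project ids."""
    canon = json.dumps({"tool": call.tool, "effect": call.effect.value,
                        "args": call.args}, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canon.encode()).hexdigest()


@dataclass
class ApprovalGate:
    audit: list = field(default_factory=list)
    _pending: dict = field(default_factory=dict)  # token -> fingerprint

    def issue_approval(self, call: ToolCall, reviewer: str) -> str:
        """Called by the human review step after showing the reviewer the exact call."""
        token = secrets.token_hex(16)
        self._pending[token] = fingerprint(call)
        self._log("approval_issued", call, reviewer)
        return token

    def authorize(self, call: ToolCall) -> str:
        """Returns 'allow', 'hold' (needs human approval) or 'deny'."""
        if call.effect not in ALLOWED:
            return self._log("deny", call, "effect not in policy")
        if call.origin != "user_request":
            # Standing authority to act without a current instruction is refused.
            return self._log("deny", call, "no current user instruction")
        if call.effect in REQUIRES_APPROVAL:
            if call.approval is None:
                return self._log("hold", call, "pending human approval")
            expected = self._pending.get(call.approval)
            if expected != fingerprint(call):
                return self._log("deny", call,
                                 "approval missing, reused, or bound to other arguments")
            del self._pending[call.approval]  # single use
        return self._log("allow", call, "policy satisfied")

    def _log(self, decision: str, call: ToolCall, detail: str) -> str:
        self.audit.append({"decision": decision, "tool": call.tool,
                           "effect": call.effect.value, "origin": call.origin,
                           "fingerprint": fingerprint(call)[:12], "detail": detail})
        return decision


def demo() -> list:
    """Walks constructed calls through the gate and returns the decisions."""
    gate = ApprovalGate()
    view = ToolCall("kanban.view", Effect.READ_INTERNAL, {"project": "P-1"}, "user_request")
    cron = ToolCall("email.send", Effect.OUTBOUND_MESSAGE,
                    {"to": "pi@example.edu", "template": "cold_intro"}, "scheduler")
    draft = ToolCall("email.send", Effect.OUTBOUND_MESSAGE,
                     {"to": "pi@example.edu", "template": "cold_intro"}, "user_request")
    token = gate.issue_approval(draft, reviewer="bd-lead")
    # Same token, different recipient list: the binding to the arguments rejects it.
    swapped = ToolCall("email.send", Effect.OUTBOUND_MESSAGE,
                       {"to": "all-faculty@example.edu", "template": "cold_intro"},
                       "user_request", approval=token)
    approved = ToolCall("email.send", Effect.OUTBOUND_MESSAGE, draft.args,
                        "user_request", approval=token)
    return [gate.authorize(view), gate.authorize(cron), gate.authorize(draft),
            gate.authorize(swapped), gate.authorize(approved), gate.authorize(approved)]


if __name__ == "__main__":
    print(demo())
```

The gate sits between the orchestrator and the tool adapters, so the skill text can say whatever it likes about daily autonomous runs; a call whose origin is the scheduler never reaches messaging or CRM APIs.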

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (23)

Context-Inappropriate Capability
Severity: Medium | Confidence: 84%
Finding: The document explicitly instructs the agent to initiate outbound contact with external researchers and organizations, including cold outreach and relationship-building, without clearly binding that behavior to an explicit user request or consent gate. In an LLM agent context, this expands the skill from analysis into autonomous external action, creating risks of spam, reputational harm, and unauthorized disclosure or collection of personal/business information.

Context-Inappropriate Capability
Severity: High | Confidence: 96%
Finding: The skill defines autonomous daily operation, proactive lead generation, monitoring, follow-up, and exception handling '无需等待指令' ("without waiting for instructions"), which gives the agent standing authority to act without a current user instruction. This is dangerous because autonomous behavior can trigger unsanctioned outreach, data processing, and business actions at scale, especially if the deployment environment later connects messaging, CRM, or external APIs.

Description-Behavior Mismatch
Severity: Medium | Confidence: 88%
Finding: The file materially broadens the skill from TRL assessment and due diligence into a sales and business-operations system with pricing, revenue targets, CAC/LTV tracking, and client acquisition strategy. Scope expansion is risky because it encourages the agent to optimize for business generation rather than bounded analysis tasks, increasing the chance of manipulative behavior, unauthorized profiling, and actions inconsistent with user expectations.

Intent-Code Divergence
Severity: Medium | Confidence: 95%
Finding: The kanban marks the '需求确认报告' (Requirements Confirmation Report) as completed in the Done section while also showing a related task '需求确认报告完善' (refinement of the Requirements Confirmation Report) as 90% in progress. In a workflow-driving agent, this inconsistency can cause premature approvals, skipped review steps, or automated downstream actions based on a false completion state.

Intent-Code Divergence
Severity: Low | Confidence: 87%
Finding: The document defines one permission model near the top that allows only internal roles to view the kanban, but later states that the Agent has full visibility and the customer can access a milestone view. Conflicting access rules can lead to overexposure of internal project data or incorrect enforcement by an automation system interpreting the wrong section.

Description-Behavior Mismatch
Severity: Medium | Confidence: 95%
Finding: The file defines a broad, reusable 44-skill workflow framework that materially exceeds the declared scope of a tech-manager-office skill centered on TRL assessment, technical due diligence, and technology-transfer (成果转化) services. Scope expansion is dangerous because it can cause the agent to perform unintended actions, process unrelated sensitive data, and bypass user/admin expectations about what capabilities are enabled.

Description-Behavior Mismatch
Severity: Medium | Confidence: 94%
Finding: The specification adds broad compliance review, standards implementation guidance, and policy/standards collection functions across multiple domains, not just the stated tech-transfer office role. In an agent setting, this creates capability creep that may trigger high-trust compliance judgments or collection of sensitive materials outside the user's intended task, increasing misuse and overreach risk.

Context-Inappropriate Capability
Severity: High | Confidence: 97%
Finding: The document introduces marketing-enablement skills such as content/operations assistance that are unrelated to the declared technical-manager office purpose. This is more dangerous than ordinary scope drift because marketing/content generation can create broad outbound influence, accidental data reuse, and unreviewed business actions under a trusted enterprise-facing skill.

Context-Inappropriate Capability
Severity: Medium | Confidence: 93%
Finding: Customer operations and business-management capabilities extend beyond the stated purpose of the skill and enlarge the action surface from assessment/guidance into operational business functions. This can lead to inappropriate handling of customer data, workflow invocation in the wrong context, and user confusion about what authority the agent has.

Missing User Warnings
Severity: Medium | Confidence: 92%
Finding: The product description markets end-to-end technical commercialization and due diligence services, while the rest of the document clearly expects collection of sensitive project data such as team details, patents, contact information, investment needs, and project archives. Without an explicit privacy notice, data minimization guidance, or consent boundary, users may overshare confidential business and personal information to the agent, creating avoidable confidentiality and compliance risk.

Vague Triggers
Severity: Medium | Confidence: 91%
Finding: The skill can activate on very broad, implicit cues such as general mentions of research institutes, valuation, or investment matching, which increases the chance of unintended invocation. This can cause the agent to enter a specialized advisory workflow without clear user consent, leading to irrelevant guidance, overcollection of project details, or misleading authoritative framing in ordinary conversations.

Vague Triggers
Severity: Medium | Confidence: 93%
Finding: The trigger phrase "评估这个项目" ("evaluate this project") is overly broad and can match ordinary conversational requests, causing the orchestration engine to invoke the TRL assessment workflow without sufficient task disambiguation. In this skill, that can lead to unintended workflow execution, unnecessary data collection, and incorrect routing into formal evaluation and gate-review processes.

Vague Triggers
Severity: Low | Confidence: 83%
Finding: The condition "评估师主动要求TRL定级" ("the assessor proactively requests a TRL rating") is underspecified and does not define what exact command, state, or authorization boundary permits the trigger. In a multi-agent setting, ambiguous internal triggers can cause accidental or premature assessment runs, reducing workflow integrity and making it easier for loosely phrased agent outputs to activate downstream actions.

Missing User Warnings
Severity: Medium | Confidence: 88%
Finding: The document describes automated generation, transfer, updating, and dashboard aggregation of structured project and contact data, including fields such as contact notes, team, contact, and project archive summaries, but provides no privacy notice, consent basis, retention rule, access control, or minimization guidance. In a multi-role agent workflow, this omission can lead to over-collection and broad internal propagation of personal or sensitive business information without adequate user awareness or governance.

Missing User Warnings
Severity: Medium | Confidence: 91%
Finding: The workflow collects and transfers contact details, project information, and related records about external parties, but the document provides no user-facing privacy notice, lawful basis, consent flow, retention rule, or data-minimization guidance. This creates privacy and compliance risk because the agent is instructed to process personal and potentially confidential business data during outreach and handoff activities without transparent disclosure.

Missing User Warnings
Severity: Medium | Confidence: 93%
Finding: The inter-agent API design transmits project records and contact information over authenticated interfaces, but the documentation omits any notice to affected users or data subjects that their information will be shared across agents/services. HTTPS and bearer tokens authenticate the calling service and protect the data in transit; they do not bound what the receiving agent may retain or forward, so undisclosed cross-system transfer of personal or confidential data can still violate privacy expectations and create compliance exposure through logs, downstream systems, or token misuse.

Missing User Warnings
Severity: Medium | Confidence: 94%
Finding: The document explicitly defines collection, storage, and inter-agent transfer of personal and sensitive business data such as contact details, team information, and technical/IP materials, but does not describe any user-facing notice, consent, or transparency mechanism at the point of collection. In a multi-agent system, hidden internal propagation increases privacy and compliance risk because users may disclose data to one agent without understanding it will be retained, shared across roles, and used in downstream evaluations and reports.
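
The inter-agent transfer findings above and the conflicting kanban permission model noted earlier share one technical fix: a single, deny-by-default view policy applied before a record leaves the process, so the HTTP client never even sees fields the recipient is not entitled to. The Python below is an added example, not the skill's own code: one policy table with an internal view, a milestone-only customer view and a minimized peer-agent view in which identifying team fields are replaced by keyed handles, plus an audit entry per projection. The record fields, role names, the peer-agent identity and the sample record are constructed for the example.

```python
"""Added example (not the skill's own code): role-based projection of a
project record before display or inter-agent transfer.  Fields, roles and
the sample record are constructed."""
from copy import deepcopy
import hashlib
import hmac
import json

# Constructed sample record, shaped like the fields the findings list.
RECORD = {
    "project_id": "P-1",
    "title": "Pipeline corrosion prediction",
    "trl": 5,
    "milestones": [
        {"name": "需求确认报告", "status": "done"},
        {"name": "需求确认报告完善", "status": "in_progress", "pct": 90},
    ],
    "team": [{"name": "Prof. Example", "role": "PI",
              "phone": "+86-000-0000-0000", "wechat_added": True}],
    "contact_notes": "Met at a conference; follow up next term.",
    "financing": {"ask_cny": 5_000_000},
    "ip": ["patent application, pending"],
}

PII_TEAM_FIELDS = {"name", "phone", "wechat_added"}

# One policy table.  Every principal that may receive a record is listed here;
# anyone else is denied.  "pseudonymize_team" swaps identifying team fields for
# a keyed handle so a peer agent can correlate people without holding the PII.
POLICY = {
    "internal:pm":    {"fields": set(RECORD), "pseudonymize_team": False},
    "internal:bd":    {"fields": set(RECORD), "pseudonymize_team": False},
    "customer":       {"fields": {"project_id", "title", "milestones"},
                       "pseudonymize_team": False},
    "agent:matching": {"fields": {"project_id", "title", "trl", "team", "financing"},
                       "pseudonymize_team": True},
}


def team_handle(member: dict, key: bytes) -> str:
    """Deterministic, keyed pseudonym; the key stays with the data owner."""
    ident = f"{member.get('name', '')}|{member.get('phone', '')}".encode("utf-8")
    return hmac.new(key, ident, hashlib.sha256).hexdigest()[:16]


def project_record(record: dict, principal: str, key: bytes, audit: list) -> dict:
    """Returns the view of `record` that `principal` may see; denies unknown roles."""
    rule = POLICY.get(principal)
    if rule is None:
        audit.append({"principal": principal, "project": record.get("project_id"),
                      "decision": "deny"})
        raise PermissionError(f"no view defined for {principal!r}")
    view = {k: deepcopy(v) for k, v in record.items() if k in rule["fields"]}
    if rule["pseudonymize_team"] and "team" in view:
        view["team"] = [
            {**{k: v for k, v in m.items() if k not in PII_TEAM_FIELDS},
             "handle": team_handle(m, key)}
            for m in view["team"]
        ]
    audit.append({"principal": principal, "project": record.get("project_id"),
                  "decision": "allow", "fields": sorted(view)})
    return view


def outbound_body(record: dict, principal: str, key: bytes, audit: list) -> bytes:
    """What the inter-agent API client actually puts on the wire.  The full
    record never reaches the HTTP layer, whatever the transport does."""
    view = project_record(record, principal, key, audit)
    return json.dumps(view, ensure_ascii=False, sort_keys=True).encode("utf-8")


if __name__ == "__main__":
    log = []
    print(outbound_body(RECORD, "agent:matching", b"demo-key", log).decode("utf-8"))
    print(log)
```

Because the customer and the peer agent are entries in the same table as the internal roles, there is only one place to read when deciding who sees the kanban, and a request from a role not in the table fails closed rather than falling through to whichever section of the skill document an automation happened to parse last.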

Missing User Warnings
Severity: Medium | Confidence: 94%
Finding: The document explicitly includes '自动记录' ("automatic recording") and '自动分析' ("automatic analysis") of a customer conversation while containing no script or process for informing the customer, obtaining consent, or explaining retention and handling of the recorded data. In a business-development context involving an identifiable professor, research details, and commercialization discussions, undisclosed recording and profiling can create privacy, legal, and trust risks and may expose sensitive technical or personal information.

Missing User Warnings
Severity: Medium | Confidence: 90%
Finding: The document records identifiable relationship and contact details for specific team members (names, roles, age/background, and that WeChat/phone have been added) without any guidance on minimization, consent, access control, or secure handling. In a skills/agent context, this can normalize collecting and redistributing personal data to downstream users or systems, increasing privacy, social-engineering, and unauthorized disclosure risk.

Missing User Warnings
Severity: Medium | Confidence: 86%
Finding: The document explicitly allows the agent to automatically adjust task ordering, resource allocation, and communication cadence without any user-facing warning, approval gate, or stated boundary on business impact. In a project-management skill tied to financing, milestones, and customer commitments, even 'minor' autonomous changes can materially affect delivery, spending, and stakeholder decisions if users assume the plan remains human-approved.

Missing User Warnings
Severity: Medium | Confidence: 88%
Finding: The AI prediction scenario explicitly proposes collecting and processing operating data, inspection data, and process parameters, but provides no controls for consent, contractual authorization, data minimization, confidentiality, or handling of sensitive industrial information. In a technology commercialization skill aimed at real-world deployment, this omission can lead users to build data pipelines that expose proprietary customer data or regulated personal information without adequate governance.

Vague Triggers
Severity: Medium | Confidence: 88%
Finding: Overly broad natural-language trigger phrases can cause accidental invocation during ordinary conversation, especially in a multi-skill environment. Mis-triggering is risky here because the skill handles evaluation, compliance, and material-processing workflows that may collect or infer sensitive organizational information without the user intending to start that process.

Missing User Warnings
Severity: Medium | Confidence: 98%
Finding: The workflow collects and processes sensitive materials, contact details, financial data, certifications, contracts, and uploaded files, but the document does not specify clear privacy notice, consent, retention, or handling limits. In this context, that omission is dangerous because the skill is explicitly designed to ingest organizational compliance and due-diligence materials, which are likely confidential and regulated.

VirusTotal

VirusTotal findings are pending for this skill version.