Security audit

专业行业研究报告生成器

Security checks across malware telemetry and agentic risk

Overview

This skill is a report generator that openly performs web research and creates workspace files, with no evidence of hidden, destructive, or credential-seeking behavior.

Install this if you want full industry research reports saved as files. Expect it to perform research, create docs/ and data/ outputs, generate charts, and export DOCX/PDF reports; avoid using it for quick industry questions unless you want that full workflow.

SkillSpector

By NVIDIA

Vulnerability Patterns

Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (2)

Vague Triggers

Medium

Confidence: 91% confidence
Finding: The trigger criteria are broad enough to activate on generic requests for analysis, which can cause the skill to take over interactions unexpectedly and perform a heavyweight multi-step workflow with file generation. In an agent environment, ambiguous routing increases the chance of unintended tool use, unnecessary external research, and output generation beyond what the user explicitly requested.

Missing User Warnings

Low

Confidence: 84% confidence
Finding: The skill writes multiple workspace artifacts and produces DOCX/PDF outputs, but this side effect is not clearly disclosed in the trigger/description area where routing decisions are made. Lack of transparency can lead to surprise file creation, excessive workspace modification, and user confusion about what the agent will do when the skill activates.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.