Security audit

Universal Company Operator System

Security checks across malware telemetry and agentic risk

Overview

This is a broad business-planning operator pack with no evidence of code execution, secret use, persistence, or live external actions, but users should keep it scoped to drafting and decision support.

Install only if you want a broad business-planning and operator-routing assistant. Do not provide wallet keys, credentials, private customer data, or authority to spend, publish, message, sign, deploy, or delete; use its outputs as drafts and decision support, especially for legal, finance, and compliance topics.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (14)

Vague Triggers

Severity: High
Confidence: 97%
Finding
The skill description instructs activation for an extremely broad set of business-related requests and even says to always activate for running or improving a business, project, or organization. This creates prompt-scope overreach: the skill can intercept many ordinary requests that may be better handled by other skills or by the base assistant, increasing the chance of inappropriate routing, hidden instruction precedence, and unintended influence over unrelated user workflows.

Vague Triggers

Severity: Medium
Confidence: 91%
Finding
The entry-point guidance says to activate the master router for any broad or cross-functional request and to go direct when a request 'clearly belongs' to one function, but it does not define boundaries for those terms. Ambiguous routing criteria can cause over-activation and inconsistent delegation, letting the skill insert itself into loosely related queries and potentially override more appropriate domain-specific handling.

Vague Triggers

Severity: Medium
Confidence: 92%
Finding
The manifest description defines the skill as project-agnostic and suitable for essentially any company or project, which creates an unusually broad activation scope. In an agent-routing system, this can cause over-triggering, unnecessary privilege or context expansion, and increase the chance that the skill handles requests outside its safe or intended boundaries.

Vague Triggers

Severity: Medium
Confidence: 88%
Finding
The example prompt is broad and phrased in natural language that a user could plausibly say in ordinary conversation, which increases the chance of unintended skill invocation. In this skill's context, unintended activation matters because the skill claims very wide business-routing authority and could override more appropriate, narrower skills or cause surprising multi-agent behavior.

Vague Triggers

Severity: Medium
Confidence: 90%
Finding
The skill metadata and description define activation in very broad terms, allowing it to route on essentially any business-related request without strong trigger boundaries. In an agent system, overly broad routing can cause inappropriate activation, scope capture, and unintended handling of requests better suited to narrower or safer skills, increasing the chance of mis-execution or policy bypass through misclassification.

Vague Triggers

Severity: Medium
Confidence: 88%
Finding
Stating that the operator can receive 'any business or project request' creates ambiguous boundaries and effectively turns the skill into a catch-all orchestrator. That increases the attack surface because ambiguous scope encourages overreach, accidental delegation, and misuse in contexts where more constrained skills or explicit user confirmation should be required.

Vague Triggers

Severity: Medium
Confidence: 91%
Finding
The phrase 'When activated' defines behavior after invocation but does not specify clear activation triggers or boundaries for when this operator should be selected. In a multi-skill system, this ambiguity can cause over-broad routing or unintended invocation on loosely related requests, leading to incorrect handling, privilege creep across roles, or policy bypass through misclassification.

Vague Triggers

Severity: Medium
Confidence: 91%
Finding
The skill’s name and description are broad enough to activate on a wide range of generic UX, design, brand, and business-improvement requests, increasing the chance of unintended routing. Over-broad activation can cause the wrong operator to intercept user requests, suppress more appropriate specialist skills, and expand the effective authority of this skill beyond its intended scope.

Vague Triggers

Severity: Medium
Confidence: 95%
Finding
The instruction 'When activated, use this sequence' relies on external activation logic but the skill does not define precise, bounded conditions for when it should be invoked. In a broad business-operations skill ecosystem, this can cause over-activation or misrouting, leading the finance operator to act on requests outside its intended scope and produce misleading financial guidance without sufficient context.

Vague Triggers

Severity: Medium
Confidence: 89%
Finding
The operator says 'When activated' and provides an execution sequence, but it does not define concrete activation boundaries within the skill itself. In a larger multi-skill system, ambiguous triggering can cause the legal/compliance role to engage too broadly or at the wrong time, leading users to receive quasi-legal guidance in contexts where another operator or a narrower disclaimer would be more appropriate.

Missing User Warnings

Severity: Medium
Confidence: 96%
Finding
This skill performs legal/compliance analysis but does not present a clear user-facing warning that outputs are not legal advice. Even though it internally says it should not pretend to replace licensed counsel, that safeguard is not prominently exposed as an upfront user warning, increasing the risk that users rely on the output for regulated legal decisions.

Vague Triggers

Severity: Medium
Confidence: 92%
Finding
The skill description instructs very broad automatic activation for phrases like 'run overnight,' 'work while I sleep,' and generally any asynchronous offline workflow. This can cause the skill to intercept ordinary user requests and route them into a high-authority coordination flow without sufficiently explicit user intent, increasing the chance of overreach or unintended task decomposition.

Vague Triggers

Severity: Medium
Confidence: 95%
Finding
The activation section matches broad natural-language requests such as 'run this while I sleep,' 'do this overnight,' and any batched cross-functional preparation pass. In a coordinator skill that can classify, split, and route work across many operators, ambiguous triggers are more dangerous because they can unintentionally expand scope, invoke multiple downstream skills, and normalize autonomous execution patterns the user may not have explicitly requested.

Vague Triggers

Severity: Medium
Confidence: 91%
Finding
The skill is scoped so broadly that it can be activated for many generic product, engineering, or business-improvement requests, increasing the chance of unintended routing and overreach. In an agent system, overly broad activation can cause the wrong operator to engage, produce irrelevant or unsafe actions, and crowd out more appropriate specialized skills, especially because the parent system description also encourages very aggressive activation.

VirusTotal

63/63 vendors flagged this skill as clean.