test

Security checks across malware telemetry and agentic risk

Overview

This skill is a user analytics report template, but it asks for sensitive profiling and full conversation-log reproduction without clear privacy safeguards.

Install only if you are authorized to process these AIME logs and can enforce redaction, restricted access, and retention controls. Avoid using it on third-party or customer logs containing personal, financial, account, or confidential details unless the report is minimized and sensitive profiling fields are removed or explicitly justified.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (7)

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding
The skill explicitly requests user interaction logs and behavioral/profile data, but provides no privacy notice, minimization guidance, or consent check. In this context, the skill is designed to process potentially sensitive financial behavior and conversational history, so the absence of disclosure and handling constraints creates a real privacy-risk path.

Missing User Warnings

Severity: Medium
Confidence: 97%
Finding
The output spec instructs generation of raw JSON data and full report artifacts derived from conversation logs without warning that these outputs may contain sensitive personal, financial, or identifying information. That creates an easy avenue for unnecessary duplication and persistence of sensitive data in files that may be shared more broadly than the source logs.

Missing User Warnings

Severity: High
Confidence: 99%
Finding
The skill requires inferring gender, age, and other sociological traits from conversation logs, which is sensitive profiling based on speculative signals. This is especially dangerous because the domain involves investment behavior, making the resulting profile potentially intrusive, inaccurate, and harmful if used for product or business decisions.

Natural-Language Policy Violations

Severity: Medium
Confidence: 87%
Finding
Forcing translation of all non-Chinese user queries creates additional processing and propagation of user-provided content without necessity or choice. Translation can expand access to sensitive material for new audiences and increases the amount of derived sensitive data stored in the final report.

Ssd 3

Severity: Medium
Confidence: 98%
Finding
Reproducing the user's complete query history and translating non-Chinese queries creates a direct natural-language exfiltration path from logs into report outputs. Because conversation logs may contain personal details, account information, financial interests, or incidental secrets, copying them wholesale materially increases exposure risk.

Ssd 3

Severity: Medium
Confidence: 96%
Finding
The specification repeatedly requires quoting original user inputs as evidence, which encourages broad disclosure of raw log content rather than minimal excerpts. In a behavior-analysis workflow, this materially increases the chance that sensitive, identifying, or confidential details are copied into reports and shared downstream.

Ssd 3

Severity: Medium
Confidence: 97%
Finding
The service-analysis section directs inclusion of exact user inputs with timestamps, which creates highly linkable records of user activity. Combining verbatim text with precise timestamps makes re-identification easier and exposes detailed interaction histories beyond what is needed for product-quality analysis.

VirusTotal

63/63 vendors flagged this skill as clean.