
Security checks across malware telemetry and agentic risk

Overview

This is a low-risk research instruction bundle; its broad wording may cause overuse, but it contains no code, installs, credentials, persistence, or hidden data handling.

Install this if you want a general research workflow helper and your agent's web/search tools are ones you trust. Because the skill is broad, be explicit about scope, source limits, and whether you want quick or deep research; avoid pasting confidential data unless you intend the agent to use it in its research.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence: 92%
Finding
The skill is described as handling essentially any research task and combining multiple research approaches, but it does not define clear activation boundaries, scope limits, or routing constraints. In agent environments, this kind of broad trigger language can cause the skill to activate in unintended contexts, leading to overreach, unnecessary tool use, or unsafe delegation of tasks beyond the user's intent.

Vague Triggers

Medium
Confidence: 90%
Finding
The skill description is overly broad and does not define clear invocation boundaries, which can cause an agent to select this skill in contexts far beyond its intended purpose. In an agentic system, ambiguous routing expands the skill’s effective authority surface and increases the chance of unsafe use, prompt collisions, or accidental execution during sensitive tasks.

VirusTotal

No VirusTotal findings
