Back to plugin

Security audit

Corpus RAG & KG Search (IM identity)

Security checks across malware telemetry and agentic risk

Overview

This skill coherently adds configured company RAG and knowledge-graph search tools, with disclosed network calls and identity headers but no hidden persistence or local data access.

Install only if you trust and control the configured baseUrl and API key, because user questions and IM identity headers will be sent to that backend. Configure allowedChannels where possible and confirm the backend enforces per-user access to internal RAG and KG content.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

VirusTotal

59/59 vendors flagged this plugin as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.