Security audit
Corpus RAG & KG Search (IM identity)
Security checks across malware telemetry and agentic risk
Overview
This skill coherently adds configured company RAG and knowledge-graph search tools, with disclosed network calls and identity headers but no hidden persistence or local data access.
Install only if you trust and control the configured baseUrl and API key, because user questions and IM identity headers will be sent to that backend. Configure allowedChannels where possible and confirm the backend enforces per-user access to internal RAG and KG content.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
59/59 vendors flagged this plugin as clean.
Static analysis
No suspicious patterns detected.
