Back to skill

Security audit

weekly-report-generator

Security checks across malware telemetry and agentic risk

Overview

This appears to be an instruction-only report-writing skill, with the main caveat that its trigger wording may activate more broadly than users expect.

Install this if you want help formatting status updates or weekly reports. Be aware that broad phrases like "summary" or "status update" may activate it in ambiguous workplace conversations, so avoid giving it sensitive updates unless you intend them to be transformed into report-style output.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence
87% confidence
Finding
The skill's trigger phrases are very broad and map to common workplace language such as 'status update' and 'summary', which can cause the skill to activate in conversations where the user did not explicitly request report generation. This can lead to unintended routing of user content into the skill, causing confusion, poor UX, or accidental transformation of sensitive work updates into polished output without clear user intent.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.