
Security audit

Subway Restaurant Agent

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only restaurant ordering skill with purpose-aligned WhatsApp and Google Sheets setup, but installers should add privacy and secret-handling safeguards before production use.

Install only with a dedicated WhatsApp token and a least-privilege Google Sheet/service account. Keep .env out of source control, restrict file and sheet access, test with sandbox credentials first, and add a customer-facing privacy notice covering stored order IDs, items, totals, timestamps, and any allergy notes.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding
The skill explicitly instructs the agent to record all transactions to a connected Google Sheet, but the skill text provides no user-facing notice, consent flow, or data-minimization guidance. In a WhatsApp ordering context, transaction logs can contain names, phone numbers, order contents, allergy notes, and timestamps, so silent transmission to an external sheet creates a meaningful privacy and compliance risk.
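One way to act on this finding is a minimization step that runs before any row is sent to the sheet: the customer's name and phone number never leave the agent, the phone is replaced by a keyed pseudonym so repeat orders still correlate, and allergy notes are written only under a separate consent flag. This is an added example, not code from the skill or from SkillSpector; the column names, the shape of the consent record and the pseudonymization key are assumptions.

```python
import hashlib
import hmac

# Assumed pepper for pseudonymizing phone numbers. In a deployment it would be
# read from the environment (not the sheet, not the repo); the literal is for the
# example only.
PSEUDONYM_KEY = b"example-pepper-do-not-use"

# Only these columns may reach the sheet; anything else in the order is dropped.
ALLOWED_COLUMNS = frozenset(
    {"order_id", "customer_ref", "items", "total", "timestamp", "allergy_notes"}
)


def pseudonymize_phone(phone: str, key: bytes = PSEUDONYM_KEY) -> str:
    """Keyed hash of the digits so repeat customers correlate without the number being stored."""
    digits = "".join(ch for ch in phone if ch.isdigit())
    return hmac.new(key, digits.encode(), hashlib.sha256).hexdigest()[:16]


def minimize_order(order: dict, consent: dict) -> dict:
    """Reduce a raw order to the row the transaction log is allowed to contain.

    Raises PermissionError when the customer has not agreed to logging at all;
    allergy notes are kept only under their own explicit consent flag.
    """
    if not consent.get("logging"):
        raise PermissionError("no logging consent recorded for this customer")
    row = {
        "order_id": order["order_id"],
        "customer_ref": pseudonymize_phone(order["phone"]),
        "items": "; ".join(f"{line['qty']}x {line['name']}" for line in order["items"]),
        "total": f"{order['total']:.2f}",
        "timestamp": order["timestamp"],
    }
    if consent.get("allergy_notes") and order.get("allergy_notes"):
        row["allergy_notes"] = order["allergy_notes"]
    extra = set(row) - ALLOWED_COLUMNS
    assert not extra, f"unexpected columns would leak to the sheet: {extra}"
    return row


# Constructed sample order, in the shape a WhatsApp ordering flow might hand over.
SAMPLE_ORDER = {
    "order_id": "SUB-0042",
    "name": "Example Customer",
    "phone": "+1 (555) 010-0042",
    "items": [{"qty": 1, "name": "Footlong Veggie"}, {"qty": 2, "name": "Cookie"}],
    "total": 12.5,
    "timestamp": "2024-01-01T12:00:00Z",
    "allergy_notes": "no peanuts",
}

if __name__ == "__main__":
    print(minimize_order(SAMPLE_ORDER, {"logging": True}))
```

The allow-list assertion is the important part: a new field added upstream (a delivery address, a free-text comment) fails loudly instead of silently becoming a new column in the sheet.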

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding
The guide instructs operators to store sensitive values such as a spreadsheet ID and WhatsApp API token in a local `.env` file, but provides no warning about protecting that file from source control, logging, or accidental sharing. In a deployment/setup document, this omission can directly lead to credential exposure through repository commits, backups, screenshots, or misconfigured file permissions.
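A preflight check an installer could run before going live, covering the omissions the finding lists: `.env` must be owner-only, must be excluded by `.gitignore`, must actually carry the required values, and a committed `.env.example` must not contain the live token. This is an added example, not code from the skill or from SkillSpector; the variable names `WHATSAPP_TOKEN` and `SPREADSHEET_ID` and the file layout are assumptions, and the `demo()` function builds a throwaway directory so the check can be exercised offline.

```python
import os
import stat
import tempfile
from pathlib import Path

# Assumed names of the values the setup guide puts in .env.
REQUIRED_KEYS = ("WHATSAPP_TOKEN", "SPREADSHEET_ID")


def parse_dotenv(text: str) -> dict:
    """Minimal KEY=VALUE parser: skips comments and blank lines, strips quotes."""
    env = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        env[key.strip()] = value.strip().strip("'\"")
    return env


def redact(value: str) -> str:
    """Keep only the last 4 characters so a token is recognisable in logs but not recoverable."""
    if len(value) <= 4:
        return "****"
    return "*" * (len(value) - 4) + value[-4:]


def audit_env(workdir: Path) -> list[str]:
    """Return a list of problems with the .env handling in workdir (empty means clean)."""
    issues = []
    env_path = workdir / ".env"
    if not env_path.exists():
        return ["missing: .env not found"]

    # Group/other bits on the secrets file mean any local user or backup job can read it.
    mode = stat.S_IMODE(env_path.stat().st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        issues.append(f"perms: .env is {oct(mode)}, expected 0o600")

    gitignore = workdir / ".gitignore"
    patterns = gitignore.read_text().splitlines() if gitignore.exists() else []
    if not any(p.strip() in (".env", "/.env", "*.env") for p in patterns):
        issues.append("gitignore: .env is not excluded from source control")

    env = parse_dotenv(env_path.read_text())
    for key in REQUIRED_KEYS:
        if not env.get(key):
            issues.append(f"value: {key} is missing or empty")

    # A committed .env.example is a common way a live token ends up in a repository.
    example = workdir / ".env.example"
    if example.exists():
        for key, value in parse_dotenv(example.read_text()).items():
            if value and value == env.get(key):
                issues.append(f"leak: .env.example contains the live value of {key}")
    return issues


def demo() -> tuple[list[str], list[str]]:
    """Build a deliberately misconfigured directory, audit it, fix it, audit again."""
    token = "EAAB-example-token-1234"  # constructed, not a real credential
    with tempfile.TemporaryDirectory() as tmp:
        wd = Path(tmp)
        (wd / ".env").write_text(f"WHATSAPP_TOKEN={token}\nSPREADSHEET_ID=\n")
        os.chmod(wd / ".env", 0o644)
        (wd / ".env.example").write_text(f"WHATSAPP_TOKEN={token}\n")
        before = audit_env(wd)

        os.chmod(wd / ".env", 0o600)
        (wd / ".gitignore").write_text(".env\n")
        (wd / ".env").write_text(f"WHATSAPP_TOKEN={token}\nSPREADSHEET_ID=1abc-example-sheet\n")
        (wd / ".env.example").write_text("WHATSAPP_TOKEN=\nSPREADSHEET_ID=\n")
        after = audit_env(wd)
    return before, after


if __name__ == "__main__":
    before, after = demo()
    print("before:", before)
    print("after:", after)
    print("token in logs:", redact("EAAB-example-token-1234"))
```

The permission check reads the mode bits directly rather than trying to open the file as another user, so it also works when the audit itself runs as root. Run it from the skill's working directory with `audit_env(Path("."))` and treat any non-empty result as a blocker before the sandbox-to-production switch.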

VirusTotal

64/64 vendors flagged this skill as clean.


Static analysis

No suspicious patterns detected.