Chief Information Security Officer

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only CISO guidance skill, and its security checklists and credential-rotation advice fit its stated purpose.

Install this as an advisory security playbook. Do not paste live secrets into chat, and require explicit approval, scoped access, and rollback planning before letting any agent change accounts, cloud resources, networks, backups, or production systems.

SkillSpector

By NVIDIA

Vulnerability Patterns

Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 92% confidence
Finding: The 'When to Use' section says the skill applies when a user needs 'CISO-level guidance for information security' and describes the agent as handling broad security operations, compliance, risk management, and incident response. This is an expansive, ambiguous scope without concrete trigger phrases, exclusions, or negative examples, which could cause unintended invocation for many generic security-related requests.

Credential Access

High

Category: Privilege Escalation
Content: ## Vendor Termination Checklist - [ ] Data return/deletion confirmed in writing - [ ] Access credentials revoked - [ ] SSO/OAuth integrations removed - [ ] DNS/network connections removed - [ ] API keys rotated
Confidence: 70% confidence
Finding: Access credentials

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal