Company

Security checks across malware telemetry and agentic risk

Overview

This skill is a planning guide for organizing business agents and does not contain code, hidden setup, credential use, or automatic actions.

Safe to install as a planning guide. Treat its recommendations as organizational advice, not permission to automate sensitive workflows immediately; require human approval for finance, legal, HR, customer-facing, and public actions, and review any separate tools or credentials before connecting them.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 93% confidence
Finding: The trigger set includes broad business-planning phrases such as "agents for my business" and "which skills do I need," which can match many general conversations not specifically requesting this organizational-automation skill. Overbroad activation can cause the agent to enter a high-impact restructuring workflow unexpectedly, increasing the chance of irrelevant or unsafe recommendations about replacing staff or automating sensitive functions.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal