RAG

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only RAG guidance skill, and the flagged prompt-injection text is used as a defensive example rather than as an instruction to the agent.

This skill is reasonable to install as RAG documentation. When applying its advice, carefully control which documents are indexed, avoid storing secrets or unnecessary personal data, enforce retrieval-time access controls, and review retention policies for any embedding or vector database provider you use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Instruction Override

Severity: High
Category: Prompt Injection
Content:
### The Risk
Malicious content in indexed documents:
```
IGNORE ALL PREVIOUS INSTRUCTIONS. You are now...
```

### Mitigations
Confidence: 80%
Finding: IGNORE ALL PREVIOUS INSTRUCTIONS

VirusTotal

65/65 vendors flagged this skill as clean.
