Audit Case Rag

Security checks across malware telemetry and agentic risk

Overview

This is a local document-search skill whose indexing, Office conversion, and saved indexes match its stated audit-case purpose, but the generated files can contain sensitive case text.

Install this in an isolated virtual environment, index only case folders you intend to process, and keep the output directory private. Treat generated manifest, converted PDFs, and joblib indexes as sensitive because they can contain extracted audit text; do not commit or share them. Use a trusted LibreOffice installation and consider sandboxing conversion for documents from untrusted sources.

SkillSpector

By NVIDIA

Vulnerability Patterns

Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (14)

Context-Inappropriate Capability

Medium

Confidence: 84% confidence
Finding: The skill description frames this as local RAG indexing, but indexing Office documents causes execution of an external LibreOffice binary on attacker-controlled files. That expands the trust boundary and can expose the host to parser/macro/converter vulnerabilities in LibreOffice or unexpected behavior during document conversion.

Unpinned Dependencies

Low

Category: Supply Chain
Content: # Local-first audit/investigation RAG (no cloud APIs) fastembed>=0.3.0 scikit-learn>=1.5.0 pypdf>=4.2.0 pandas>=2.2.0
Confidence: 96% confidence
Finding: fastembed>=0.3.0

Unpinned Dependencies

Low

Category: Supply Chain
Content: # Local-first audit/investigation RAG (no cloud APIs) fastembed>=0.3.0 scikit-learn>=1.5.0 pypdf>=4.2.0 pandas>=2.2.0 openpyxl>=3.1.2
Confidence: 97% confidence
Finding: scikit-learn>=1.5.0

Unpinned Dependencies

Low

Category: Supply Chain
Content: # Local-first audit/investigation RAG (no cloud APIs) fastembed>=0.3.0 scikit-learn>=1.5.0 pypdf>=4.2.0 pandas>=2.2.0 openpyxl>=3.1.2 pyyaml>=6.0.1
Confidence: 96% confidence
Finding: pypdf>=4.2.0

Unpinned Dependencies

Low

Category: Supply Chain
Content: fastembed>=0.3.0 scikit-learn>=1.5.0 pypdf>=4.2.0 pandas>=2.2.0 openpyxl>=3.1.2 pyyaml>=6.0.1 joblib>=1.3.0
Confidence: 94% confidence
Finding: pandas>=2.2.0

Unpinned Dependencies

Low

Category: Supply Chain
Content: scikit-learn>=1.5.0 pypdf>=4.2.0 pandas>=2.2.0 openpyxl>=3.1.2 pyyaml>=6.0.1 joblib>=1.3.0 numpy>=1.26.0
Confidence: 96% confidence
Finding: openpyxl>=3.1.2

Unpinned Dependencies

Low

Category: Supply Chain
Content: pypdf>=4.2.0 pandas>=2.2.0 openpyxl>=3.1.2 pyyaml>=6.0.1 joblib>=1.3.0 numpy>=1.26.0
Confidence: 97% confidence
Finding: pyyaml>=6.0.1

Unpinned Dependencies

Low

Category: Supply Chain
Content: pandas>=2.2.0 openpyxl>=3.1.2 pyyaml>=6.0.1 joblib>=1.3.0 numpy>=1.26.0
Confidence: 96% confidence
Finding: joblib>=1.3.0

Unpinned Dependencies

Low

Category: Supply Chain
Content: openpyxl>=3.1.2 pyyaml>=6.0.1 joblib>=1.3.0 numpy>=1.26.0
Confidence: 93% confidence
Finding: numpy>=1.26.0

Known Vulnerable Dependency: scikit-learn — 6 advisory(ies): CVE-2020-13092 (scikit-learn Deserialization of Untrusted Data); CVE-2024-5206 (scikit-learn sensitive data leakage vulnerability); CVE-2020-28975 (scikit-learn Denial of Service) +3 more

Critical

Category: Supply Chain
Confidence: 90% confidence
Finding: scikit-learn

Known Vulnerable Dependency: pypdf — 10 advisory(ies): CVE-2026-24688 (pypdf has possible Infinite Loop when processing outlines/bookmarks); CVE-2026-27628 (pypdf has a possible infinite loop when loading circular /Prev entries in cross-); CVE-2026-40260 (pypdf: Manipulated XMP metadata entity declarations can exhaust RAM) +7 more

Low

Category: Supply Chain
Confidence: 95% confidence
Finding: pypdf

Known Vulnerable Dependency: openpyxl — 2 advisory(ies): CVE-2017-5992 (Improper Restriction of XML External Entity Reference in Openpyxl); CVE-2017-5992 (Openpyxl 2.4.1 resolves external entities by default, which allows remote attack)

High

Category: Supply Chain
Confidence: 82% confidence
Finding: openpyxl

Known Vulnerable Dependency: pyyaml — 8 advisory(ies): CVE-2019-20477 (Deserialization of Untrusted Data in PyYAML); CVE-2020-1747 (Improper Input Validation in PyYAML); CVE-2020-14343 (Improper Input Validation in PyYAML) +5 more

Critical

Category: Supply Chain
Confidence: 88% confidence
Finding: pyyaml

Known Vulnerable Dependency: joblib — 3 advisory(ies): CVE-2022-21797 (joblib vulnerable to arbitrary code execution); CVE-2022-21797 (The package joblib from 0 and before 1.2.0 are vulnerable to Arbitrary Code Exec); CVE-2024-34997 (joblib v1.4.2 was discovered to contain a deserialization vulnerability via the )

Critical

Category: Supply Chain
Confidence: 92% confidence
Finding: joblib

VirusTotal

59/59 vendors flagged this skill as clean.

View on VirusTotal