Back to skill

Security audit

Aloudata CAN SKILLS - inventory-strategy

Security checks across malware telemetry and agentic risk

Overview

This inventory analysis skill is coherent and disclosed, but it will query business inventory data and create report files.

Install this only where the metric-query integration is allowed to access inventory, sales, stock-value, and discount metrics. Expect the skill to create HTML and spreadsheet reports that may contain sensitive business data, and review those files before sharing them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence
89% confidence
Finding
The trigger conditions are broad enough to match ordinary inventory-related requests such as '帮我看看库存有没有问题' or '哪些商品该打折了', which can cause the skill to activate unexpectedly. In a multi-skill agent, over-broad activation can route users into this workflow without clear intent, leading to unnecessary data access, unintended report generation, or bypass of more appropriate skills.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.