App Order Business Stats

Security checks across malware telemetry and agentic risk

Overview

This is a narrowly scoped order-reporting skill that uses a fixed read-only SQL query, but it should only be installed where access to the private database is authorized.

Install only if you are authorized to query this business database. Make sure the mysql client and the JIUSHI_DB_PASSWORD environment variable are provisioned deliberately for this skill rather than inherited from a broader environment, restrict who can invoke the skill, and for wider use prefer a scoped reporting API that exposes only the fixed query and writes an audit log of every invocation.
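The mitigation described above (a deliberately provisioned client and password, a restricted set of invokers, and a scoped reporting wrapper that only ever runs the fixed read-only query and audit-logs each call) as an added Python example. This is illustrative code written for this page, not the skill's own implementation. The table and column names in REPORT_SQL, the host/user/database names, and the caller allow-list are hypothetical; JIUSHI_DB_PASSWORD is the variable the page names.

```python
import json
import os
import re
import shutil
import subprocess
import time

# The one statement the wrapper is allowed to run. Table and column
# names are hypothetical; the skill's real query is not shown on the page.
REPORT_SQL = (
    "SELECT DATE(created_at) AS day, COUNT(*) AS orders, SUM(total) AS revenue "
    "FROM orders WHERE created_at >= NOW() - INTERVAL 7 DAY "
    "GROUP BY DATE(created_at) ORDER BY day"
)

# Hypothetical allow-list of principals permitted to invoke the report.
ALLOWED_CALLERS = {"reporting-agent", "ops-oncall"}

_SELECT_ONLY = re.compile(r"^\s*SELECT\b", re.IGNORECASE)
_WRITE_OR_EXFIL = re.compile(
    r"\b(INSERT|UPDATE|DELETE|DROP|ALTER|GRANT|LOAD|INTO\s+(OUTFILE|DUMPFILE))\b|;",
    re.IGNORECASE,
)


def is_read_only(sql: str) -> bool:
    """True only for a single SELECT with no write, DDL or file-write verbs.

    A belt-and-braces check on top of the read-only DB account; a fixed
    constant query should never fail it, but it catches accidental edits.
    """
    return bool(_SELECT_ONLY.match(sql)) and not _WRITE_OR_EXFIL.search(sql)


def preflight(env, which=shutil.which):
    """Return a list of missing prerequisites (empty means ready to run)."""
    problems = []
    if which("mysql") is None:
        problems.append("mysql client not installed")
    if not env.get("JIUSHI_DB_PASSWORD"):
        problems.append("JIUSHI_DB_PASSWORD not set")
    return problems


def build_command(env, host="db.internal.example", user="report_ro", database="jiushi"):
    """Build argv and a minimal child environment for the mysql client.

    The password is handed over through MYSQL_PWD rather than as -p<pw> on
    the command line, so it does not appear in `ps` output or shell history,
    and nothing else from the caller's environment is forwarded to the child.
    Host, user and database names are hypothetical.
    """
    argv = [
        "mysql", "--batch",
        "--host", host, "--user", user,
        "--execute", REPORT_SQL,
        database,
    ]
    child_env = {
        "PATH": env.get("PATH", "/usr/bin:/bin"),
        "MYSQL_PWD": env["JIUSHI_DB_PASSWORD"],
    }
    return argv, child_env


def parse_batch_output(text):
    """Parse `mysql --batch` output: a tab-separated header line, then rows."""
    lines = [ln for ln in text.splitlines() if ln.strip()]
    if not lines:
        return []
    header = lines[0].split("\t")
    return [dict(zip(header, ln.split("\t"))) for ln in lines[1:]]


def audit_record(caller, allowed, rows, now=time.time):
    """One structured audit event per invocation attempt, allowed or denied."""
    return {"ts": int(now()), "caller": caller, "allowed": allowed,
            "report": "orders_last_7_days", "rows": rows}


def run_report(caller, env=None, runner=subprocess.run, which=shutil.which,
               audit=lambda rec: print(json.dumps(rec))):
    """Run the fixed report for an allow-listed caller and audit the attempt."""
    env = os.environ if env is None else env
    if caller not in ALLOWED_CALLERS:
        audit(audit_record(caller, False, 0))
        raise PermissionError(f"{caller} is not allowed to run this report")
    problems = preflight(env, which=which)
    if problems:
        raise RuntimeError("; ".join(problems))
    if not is_read_only(REPORT_SQL):
        raise RuntimeError("refusing to run a non-SELECT statement")
    argv, child_env = build_command(env)
    # No shell=True: argv goes straight to execve, so nothing is re-parsed.
    result = runner(argv, env=child_env, capture_output=True, text=True, check=True)
    rows = parse_batch_output(result.stdout)
    audit(audit_record(caller, True, len(rows)))
    return rows


if __name__ == "__main__":
    print(json.dumps(run_report("reporting-agent"), indent=2))
```

One caveat on the password hand-off: the mysql client still honours MYSQL_PWD, but MySQL 8.0 marks it deprecated, so on newer servers a `--defaults-extra-file` readable only by the invoking user, or a `mysql_config_editor` login path, is the longer-lived way to keep the secret off the command line.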

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Context-Inappropriate Capability

Severity: Medium
Confidence: 92%
Finding
The skill instructs the agent to invoke a shell-based MySQL client against a live remote database using embedded connection details and a password read from the environment. Even though the account is described as read-only, this expands the skill from simple reporting to direct database access and creates a risk of unintended data exposure, credential misuse, or abuse if the execution environment is broader than the skill author expected.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding
The skill directs the agent to use a sensitive password environment variable to reach production-like data infrastructure without surfacing the data-access implications to the user. This is dangerous because the agent may perform privileged backend access implicitly, increasing the chance of unauthorized disclosure, over-collection, or misuse of sensitive business data.

VirusTotal

VirusTotal findings are pending for this skill version.