Back to skill

Security audit

Employee Handbook Generator (UK)

Security checks across malware telemetry and agentic risk

Overview

This is a markdown-only drafting skill for UK employee handbooks, with legal-reliance caveats but no code, credentials, persistence, or hidden data access.

Use this as drafting assistance, not legal advice. Have a qualified UK employment solicitor or HR/legal professional review any generated handbook before adopting it, verify current statutory rates and law changes, and do not grant unrelated crypto, wallet, payment, purchase, credential, or file-access permissions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence
89% confidence
Finding
The skill description is broad enough to capture general HR, policy, and compliance queries, which can cause unintended invocation outside the user’s specific intent. In this context, that matters because the skill presents authoritative legal/HR drafting output and could steer users into relying on generated employment-law content without clearly choosing a legal-handbook workflow.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.