Security audit

Proposal & SOW Generator

Security checks across malware telemetry and agentic risk

Overview

This is a markdown-only proposal drafting skill with no executable behavior; users should still review generated pricing and terms before sending them.

Install this as a drafting assistant, not a final authority. Before sending generated proposals or SOWs, verify the scope, deliverables, prices, currency, payment terms, IP language, cancellation terms, confidentiality language, dates, and any jurisdiction-specific legal wording.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Natural-Language Policy Violations

Low

Confidence: 94% confidence
Finding: The tone rules specify 'UK English by default' and only switch to US if specified. This imposes a locale/language preference unless the user proactively overrides it, which matches the policy concern for forced language or locale without opt-in.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.