Back to skill

Security audit

TRTC AI Customer Service

Security checks across malware telemetry and agentic risk

Overview

This skill coherently scaffolds a Tencent TRTC AI customer-service demo, with sensitive cloud credentials and AI data sharing disclosed enough to treat it as benign but not risk-free.

Before installing, expect this skill to create and run a web app, install Python packages, and ask for Tencent Cloud, TRTC, and LLM credentials. Use least-privilege Tencent credentials where possible, do not commit env.yaml, add authentication before exposing /action publicly, and make sure users understand that chat and order context may be sent through TRTC and the configured LLM provider.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
96% confidence
Finding
The skill instructs the agent to scaffold files, run Python scripts, install dependencies, and make networked API calls, which implies file read/write, shell execution, and network access, yet no corresponding permissions are declared in metadata. This creates a transparency and consent gap: a user or platform may invoke the skill without understanding its operational capabilities, increasing the chance of unsafe execution or policy bypass.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The README instructs users to invoke the skill with broad natural-language phrases like 'help me build an AI customer service'. In agents that auto-discover and auto-run skills by description matching, such generic triggers can cause accidental activation during ordinary conversation, leading the agent to apply this skill's instructions or scaffold actions unexpectedly.

Vague Triggers

Medium
Confidence
81% confidence
Finding
The CodeBuddy guidance uses loose keywords such as 'AI customer service' and 'e-commerce support' to activate the skill. Ambiguous keyword activation increases the chance that unrelated requests will load this skill, which may bias the agent toward this repository's implementation or cause unintended project modifications.

Vague Triggers

Medium
Confidence
86% confidence
Finding
Describing implicit invocation via natural language without specificity or exclusions is risky in environments that perform automatic skill selection. Because this skill can scaffold projects and influence implementation choices, accidental selection could trigger unwanted code generation, dependency setup, or architecture changes in response to a generic request.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The order-card flow sends structured order details such as order ID, product name, price, status, and date to the AI backend via a custom message, but this file shows no user-facing notice, consent, or minimization before transmission. In a customer-service context this is privacy-relevant data, and silent forwarding to an AI service can violate user expectations, internal policy, or regulatory requirements if the backend is third-party or logs prompts.

VirusTotal

53/53 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

Detected: suspicious.prompt_injection_instructions

Prompt-injection style instruction pattern detected.

Warn
Code
suspicious.prompt_injection_instructions
Location
references/config-guide.md:47