Edgebric

Security checks across malware telemetry and agentic risk

Overview

This Edgebric skill appears purpose-aligned, but its broad trigger wording could cause unintended searches of a private knowledge base.

Install only if you are comfortable with the assistant using Edgebric for document-style requests. Prefer a version that requires explicit Edgebric/private-knowledge-base intent or asks for confirmation before searching private sources when the request is ambiguous.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 90% confidence
Finding: The skill's activation guidance is broad enough that a model could invoke it for generic mentions of 'documents,' 'notes,' or 'records' without clear evidence the user wants to access Edgebric. Because the skill is model-invocable and tied to a private knowledge base using a bearer credential, over-broad routing can cause unnecessary access to sensitive enterprise content and unintended data disclosure in response generation.

Vague Triggers

Medium

Confidence: 94% confidence
Finding: The 'When to Use' examples are high-collision phrases common in ordinary conversation, such as 'check my docs' or 'find the policy,' without constraints tying them specifically to Edgebric. In a multi-skill environment, this increases the chance the agent will invoke a credentialed private-data skill unnecessarily, exposing private knowledge base contents or metadata when a more general response or clarification should have been used.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal