需求管理 (Demand Management)

Security checks across malware telemetry and agentic risk

Overview

This demand-management skill is coherent and purpose-aligned, with the main privacy consideration being that approved demand details can be shared with other workflow skills.

Install this only in an environment where downstream workflow skills and event listeners are trusted, because demand titles, descriptions, review comments, and prompt templates may be included in approval events and logs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Description-Behavior Mismatch

Medium (84% confidence)
Finding
The skill emits a cross-skill event with the full `demand` object, which may include free-form business descriptions, reviewer comments, and prompt templates that downstream listeners do not need. In an event-driven skill ecosystem, broadcasting unnecessary sensitive context expands the trust boundary and can leak internal data to other skills or logs without explicit authorization.

VirusTotal

65/65 vendors flagged this skill as clean.
