Deepvista Recipe Import Files

Security checks across malware telemetry and agentic risk

Overview

This skill clearly helps bulk-import local files into DeepVista, but users should scope it carefully because it can upload many file contents to an external knowledge base.

Install only if you trust DeepVista and want local files stored as DeepVista cards. Before running it, choose a narrow directory or extension filter and explicitly exclude .env files, keys, credentials, customer data, dependency folders, generated files, and anything confidential.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 89% confidence
Finding: The trigger includes a broad catch-all clause ('any request to bulk-import local files into DeepVista'), which can cause the skill to activate in situations the user did not intend. In this skill's context, unintended activation is risky because it performs recursive local file discovery and bulk uploads file contents to an external knowledge system, increasing the chance of accidental data exfiltration or overly broad imports.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal