Back to skill

Security audit

Product Business

Security checks across malware telemetry and agentic risk

Overview

This is a broad business-writing and planning skill with no executable code, persistence, credential use, or hidden data access.

Install if you want broad product and business templates. Review legal outputs with a qualified attorney, and be aware the skill may activate on general business keywords or respond in a mode-specific tone/language unless you steer it explicitly.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Medium
Confidence
94% confidence
Finding
The skill advertises proactive use across a very broad set of common business and support tasks, which creates a high chance of inappropriate activation outside a narrowly intended context. Over-broad routing can cause the assistant to override better-matched system behavior, produce unnecessary legal/sales/support personas, or inject domain-specific guidance when the user did not request it.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The trigger list spans many loosely related domains and common keywords, but does not impose clear boundaries for ambiguous or partial matches. This can make the skill activate on generic requests and steer the conversation into the wrong mode, especially when terms like 'legal', 'support', 'SEO', or 'strategy' appear incidentally.

Natural-Language Policy Violations

Medium
Confidence
83% confidence
Finding
The skill states that each mode operates with its own persona, language, and output standards, which can force a role-framed response without clear user consent. While not directly enabling code execution or data exfiltration, this can reduce user control, misrepresent the assistant's role, and cause unwanted authoritative framing in sensitive areas like legal or support advice.

Natural-Language Policy Violations

Medium
Confidence
89% confidence
Finding
Mandating Chinese for one mode rather than defaulting to the user's language can cause the assistant to ignore user preference and produce inaccessible or confusing output. In a multi-mode skill with legal, support, and business content, forced language behavior increases the risk of misunderstanding and accidental misuse of important guidance.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.