Coverage Check

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only insurance coverage review skill that asks for sensitive financial context that fits its stated purpose, with no code, persistence, or hidden access.

Safe to install as an instruction-only coverage review skill. Share only the minimum needed, use ranges or summaries for income, assets, and liabilities when possible, and avoid providing identifiers such as SSNs, account numbers, full policy documents, or private login/session information.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The skill explicitly instructs collection of sensitive personal and financial information, including age, dependents, income, assets, and liabilities, but provides no privacy notice, consent guidance, data minimization rules, or handling restrictions. In an insurance context this data is highly sensitive and can enable profiling, unnecessary retention, or downstream misuse if users are not clearly warned and the agent is not constrained.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal