
Security audit

AI Company Audit (EN)

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only audit/compliance skill with broad trigger wording but no evidence of hidden access, execution, persistence, or data transfer.

Installers should be aware this skill may activate on generic compliance requests. Consider narrowing triggers to audit-log or P0-SLA compliance phrasing if precise routing matters. If applying its audit guidance to real logs, handle PII and security records according to your organization’s access-control and retention policies.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium (88% confidence)
Finding
The trigger phrase 'compliance' is extremely broad and can match many unrelated user requests, causing the skill to activate outside its intended scope. In an audit/governance skill, unintended activation could expose audit workflows, generate misleading compliance outputs, or interfere with routing to more appropriate skills.

Vague Triggers

Low (77% confidence)
Finding
The natural-language example 'Check compliance for P0 SLAs' reinforces the same ambiguous activation pattern by training or signaling that generic compliance wording should invoke this skill. This increases the chance of accidental selection in broader compliance, legal, or policy discussions that are not specifically about audit logs.

VirusTotal

64/64 vendors flagged this skill as clean.
