Security audit

Ai Company Cpo 2.1.0

Security checks across malware telemetry and agentic risk

Overview

This is a public-relations crisis-response prompt skill with broad activation terms, but its behavior is disclosed and matches its stated purpose.

Before installing, consider scoping its file access to a reports or incident-response directory and its network access to approved monitoring or notification services. Require human approval before it issues public statements, regulator reports or deletion requests, or sends any message containing sensitive incident or personal-data details.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Severity: Medium
Confidence: 89%

Finding: The trigger '公共关系' (Chinese for "public relations") is broad enough to match many ordinary PR or communications requests that do not require this high-permission governance skill. Because the skill has file write access, network access and MCP messaging, plus cross-skill dependencies, overly broad activation raises the chance of unintended invocation and needless exposure of privileged capabilities.

Vague Triggers

Severity: Medium
Confidence: 93%

Finding: The single-term trigger 'CPO' is highly ambiguous and may fire in unrelated contexts, including references to a job title, organizational discussion or other abbreviations. In an agent system, such ambiguity can cause accidental dispatch to this skill, which is risky given its write and network permissions and its ability to interact with other executive, legal and security skills.

Vague Triggers

Severity: Medium
Confidence: 91%

Finding: The English trigger 'AI company public' is truncated and vague, so it is likely to overlap with unrelated requests about public companies, public information or general AI-company topics. This weak specificity increases misrouting risk, and in this skill that matters because its capability set includes external communication planning, network access and coordination with sensitive legal and security roles.
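The three findings share one pattern: a short or generic activation term on a skill that holds file-write, network and messaging permissions. The following is an added example, not the registry's or SkillSpector's own code, of a lint that applies that pattern to a skill manifest and of a dispatch guard that asks for confirmation instead of auto-firing on a vague match. The manifest fields, the generic-term list, the permission weights and the thresholds are assumptions made for illustration; the sample manifest is constructed to mirror the triggers and permissions described above.

```python
"""Lint agent-skill triggers for ambiguity, weighted by the skill's permissions.

Added illustration for the findings above. The manifest fields, the generic-term
list, the permission weights and the thresholds are assumptions made for this
example, not the registry's or SkillSpector's real schema or scoring.
"""
from dataclasses import dataclass
import re

# Permissions whose accidental exposure makes misrouting costly (weights assumed).
PRIVILEGE_WEIGHT = {"file_write": 2, "network": 2, "mcp_messaging": 1, "cross_skill": 1}
PRIVILEGED_THRESHOLD = 3  # at or above this weight a vague trigger is rated medium

# Words that on their own describe many unrelated requests. Chinese 公共关系
# ("public relations") is listed whole because CJK text has no word spaces.
GENERIC_TERMS = {"ai", "company", "public", "relations", "communications",
                 "media", "statement", "pr", "公共关系"}


@dataclass(frozen=True)
class SkillManifest:
    name: str
    triggers: tuple[str, ...]
    permissions: frozenset[str]


@dataclass(frozen=True)
class TriggerFinding:
    trigger: str
    reasons: tuple[str, ...]
    severity: str  # "low" or "medium"


def tokenize(trigger: str) -> list[str]:
    """Lower-case word tokens; punctuation and whitespace are separators."""
    return [t for t in re.split(r"[^\w]+", trigger.lower()) if t]


def vagueness_reasons(trigger: str) -> tuple[str, ...]:
    """Return the heuristics a trigger violates (empty tuple means it looks specific)."""
    toks = tokenize(trigger)
    reasons = []
    if len(toks) == 1:
        reasons.append("single-term trigger")
    if trigger.isascii() and trigger.isalpha() and trigger.isupper() and len(trigger) <= 4:
        reasons.append("bare acronym also used as a job title or unrelated abbreviation")
    if toks and all(t in GENERIC_TERMS for t in toks):
        reasons.append("composed only of generic words")
    return tuple(reasons)


def privilege_weight(permissions: frozenset[str]) -> int:
    """Sum the assumed cost of each permission the skill holds."""
    return sum(PRIVILEGE_WEIGHT.get(p, 0) for p in permissions)


def lint_triggers(manifest: SkillManifest) -> list[TriggerFinding]:
    """One finding per vague trigger; severity rises with the skill's privileges."""
    weight = privilege_weight(manifest.permissions)
    findings = []
    for trig in manifest.triggers:
        reasons = vagueness_reasons(trig)
        if not reasons:
            continue
        severity = "medium" if weight >= PRIVILEGED_THRESHOLD else "low"
        findings.append(TriggerFinding(trig, reasons, severity))
    return findings


def needs_human_confirmation(manifest: SkillManifest, matched_trigger: str) -> bool:
    """Dispatch guard: a vague trigger on a privileged skill must not auto-fire."""
    return (bool(vagueness_reasons(matched_trigger))
            and privilege_weight(manifest.permissions) >= PRIVILEGED_THRESHOLD)


# Constructed manifest mirroring the triggers and capabilities described in the findings.
CPO_SKILL = SkillManifest(
    name="ai-company-cpo",
    triggers=("CPO", "公共关系", "AI company public",
              "draft a holding statement for a data breach"),
    permissions=frozenset({"file_write", "network", "mcp_messaging", "cross_skill"}),
)

if __name__ == "__main__":
    for f in lint_triggers(CPO_SKILL):
        print(f"{f.severity.upper():6} {f.trigger!r}: {'; '.join(f.reasons)}")
```

Run as-is, the lint reports the three triggers from the findings as medium and passes the long, task-specific one; the same `vagueness_reasons` check feeds the dispatch guard, so an agent runtime can route a specific request straight through while pausing for confirmation when only a bare acronym or generic phrase matched. The generic-term list should be extended per deployment language.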

VirusTotal

0 of 66 vendors flagged this skill; all 66 reported it clean.

Static analysis

No suspicious patterns detected. A clean static-analysis and antivirus result speaks to the skill's code and files, not to the trigger-scoping and approval concerns raised in the findings above.