Security audit

Essential Skills Package

Security checks across malware telemetry and agentic risk

Overview

This is a broad instruction-only productivity skill with disclosed examples for research, coding, and automation, and no hidden code or install behavior.

Install only if you want a broad helper skill. Avoid putting secrets or private data into web searches, review generated code changes before applying them, and approve any cron or scheduled task explicitly.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence: 90%
Finding
The skill describes very broad capabilities across research, development, and automation without defining when it should or should not activate. In an agentic system, this can cause over-triggering on unrelated user requests, increasing the chance the skill invokes powerful tools or influences behavior outside its intended scope.

Vague Triggers

Medium
Confidence: 92%
Finding
The generic call to action invites the model to apply the skill to almost any task type, without constraints or guardrails. This broad prompt can bias an agent toward selecting the skill by default, which raises the risk of unnecessary tool use, unintended automation, or misalignment with user intent.

VirusTotal

66/66 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.