consensus-support-reply-guard

Security checks across malware telemetry and agentic risk

Overview

This local support-reply guard is not malicious, but one documented mode can rely on caller-supplied votes without rechecking risky draft text, so production users should review it carefully.

Install only after reviewing how you will use external_agent mode. For automated support workflows, require local hard-block checks on every draft regardless of vote source, trust and validate any external votes, and protect the configured consensus state path because audit artifacts may contain support content.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Natural-Language Policy Violations

Severity: High
Confidence: 99%

Finding: The draft reply explicitly asks the customer to share an SSN, which is highly sensitive personal data, and simultaneously makes an unsupported legal-certainty guarantee. In a customer-support automation context, this is dangerous because it can induce prohibited data collection, create legal/compliance exposure, and mislead customers with unauthorized assurances.

Ssd 3

Severity: High
Confidence: 100%

Finding: The message body encourages collection of SSNs despite the explicit no_sensitive_data constraint being set to true. Because this skill governs customer-facing support replies, the mismatch between policy constraints and generated content makes the issue more dangerous: it indicates a failure of hard-block enforcement and could lead to direct privacy, regulatory, and trust harms.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal