Back to skill

Security audit

Data Automation Service

Security checks across malware telemetry and agentic risk

Overview

This is a small instruction-only skill for scoping data automation consulting work, with no executable code or hidden system access.

Install this only if you want an assistant workflow for discussing and pricing data automation work. Review any future scripts, data-source connections, API keys, or integrations separately before sharing real business data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
90% confidence
Finding
The trigger phrase "整數據自動化" is broad and could match normal conversation about data work, causing the skill to activate when the user did not explicitly request this specific service. Unintended activation can steer users into a commercial workflow, including quoting and planning, without clear opt-in.

Natural-Language Policy Violations

Medium
Confidence
79% confidence
Finding
The skill is written entirely in Cantonese/Chinese without indicating language negotiation or fallback behavior, which can cause the assistant to respond in a forced locale even when the user did not request it. This is mainly a safety and usability issue because it may confuse users, reduce informed consent, and increase the chance of mistaken task execution.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.