Adversary Review

Security checks across malware telemetry and agentic risk

Overview

This instruction-only skill transparently adds a second-model review step for draft responses, with privacy tradeoffs that users should understand before installing.

Install this only if you are comfortable with draft responses being reviewed by another model provider. For confidential, regulated, credential-containing, or proprietary work, configure a local reviewer model or skip/uninstall the skill so sensitive drafts are not sent to an additional API.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence: 89%
Finding
The skill requires adversarial review for effectively all user responses, yet later defines exceptions and a privacy-based skip condition. This inconsistency creates policy ambiguity that can cause agents to over-share drafts by default or apply the review step when it is not appropriate, increasing the chance of unintended disclosure to a second model endpoint.

Natural-Language Policy Violations

Medium
Confidence: 93%
Finding
The skill imposes a universal sub-agent review workflow without user opt-in or contextual choice, and the skill description explicitly notes that draft text is sent to a configured model API. In contexts involving sensitive prompts, proprietary data, or regulated content, this can create unauthorized data transfer to an additional processor and expand the attack surface unnecessarily.
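Both findings come down to the same gap: the skip condition is stated in natural language, so whether a draft leaves the machine depends on how the agent reads the policy. The overview's own remediation (a local reviewer model, or no review at all for credential-bearing work) can be made deterministic with a small pre-send gate. The following is an added example, not code from the Adversary Review skill or from SkillSpector; it assumes the reviewer endpoint is handed to the skill as a URL, that `LOCAL_HOSTS` is the operator's allowlist, and that the credential patterns are the operator's choice (both are hypothetical placeholders here). The policy it enforces is fail-closed: remote endpoints require an explicit opt-in, and a draft that looks like it carries secrets is never sent, opt-in or not.

```python
"""Pre-send gate for a second-model reviewer endpoint.

Added example (hypothetical): not the Adversary Review skill's own code.
Assumes the reviewer is configured as a URL and that the operator wants
drafts sent only to a local model unless they explicitly opt in.
"""
import re
from urllib.parse import urlsplit

# Assumption: hosts the operator considers "local reviewer" endpoints.
LOCAL_HOSTS = {"localhost", "127.0.0.1", "::1"}

# Assumption: a minimal set of credential shapes; extend for your environment.
SECRET_PATTERNS = [
    re.compile(r"AKIA[0-9A-Z]{16}"),                      # AWS access key id
    re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----"),    # PEM private key
    re.compile(r"\bgh[pousr]_[A-Za-z0-9]{20,}\b"),        # GitHub token prefixes
    re.compile(r"(?i)\b(api[_-]?key|secret|password|token)\b\s*[:=]\s*\S{8,}"),
]


def is_local_endpoint(url):
    """True only when the URL's host is in the local allowlist."""
    host = urlsplit(url).hostname
    return host in LOCAL_HOSTS if host else False


def find_secrets(text):
    """Return the patterns that matched the draft (empty list if clean)."""
    return [p.pattern for p in SECRET_PATTERNS if p.search(text)]


def review_decision(draft, reviewer_url, allow_remote=False):
    """Decide whether a draft may be sent to the reviewer.

    Returns (send, reason). The order matters: credential material blocks
    the send even when the operator has opted in to a remote reviewer.
    """
    hits = find_secrets(draft)
    if hits:
        return False, "draft contains credential-like material: " + "; ".join(hits)
    if not allow_remote and not is_local_endpoint(reviewer_url):
        host = urlsplit(reviewer_url).hostname or "<none>"
        return False, "reviewer endpoint is not local and no opt-in given: " + host
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample drafts and endpoints, not real data.
    cases = [
        ("Please summarize the quarterly plan.", "http://localhost:11434/api/chat", False),
        ("Use key AKIAABCDEFGHIJKLMNOP for the bucket.", "http://localhost:11434/api/chat", False),
        ("Please summarize the quarterly plan.", "https://api.example.com/v1/chat", False),
        ("Please summarize the quarterly plan.", "https://api.example.com/v1/chat", True),
        ("db password = hunter2hunter2 in the config", "https://api.example.com/v1/chat", True),
    ]
    for draft, url, opt_in in cases:
        print(review_decision(draft, url, allow_remote=opt_in))
```

The gate runs on the agent's side before any HTTP call, so a vaguely worded skip rule in the skill text cannot widen what leaves the host; if the skill cannot be wired to such a hook, the overview's advice to uninstall it for sensitive work stands.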

VirusTotal

65/65 vendors reported this skill as clean (no detections).
