Back to skill

Security audit

Intelligent Continuous Requirements Analysis v4

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only requirements-analysis skill whose log and telemetry analysis guidance fits its purpose, but users should add privacy controls before using real customer or production data.

Before installing or using this skill with real data, confirm you are authorized to process the data, redact personal information and secrets, avoid sending raw logs or telemetry to unapproved AI providers, set retention and access limits, and keep human review for compliance and product decisions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill explicitly encourages automated ingestion and analysis of user feedback, customer-service logs, app reviews, and similar data, but it does not require data minimization, consent checks, redaction, access controls, or retention limits. In practice, those sources often contain personal data, secrets, and sensitive operational details, so omission of privacy and handling guardrails can lead to unauthorized processing or leakage.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The Continuous Feedback Loop describes automatic ingestion of production monitoring data and user behavior data into AI-driven analysis with no integrity, privacy, or security constraints. This is more dangerous than the earlier finding because it implies ongoing, automated processing of live production telemetry, which can include identifiers, behavioral profiles, and security-relevant events, increasing the chance of continuous overcollection, exposure, or misuse.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.