Build Operations Faq Page

Security checks across malware telemetry and agentic risk

Overview

This is a simple instruction-only skill for drafting operations FAQ content, with no code execution or hidden access requests.

Install it only if you want help drafting operations FAQ pages. Be explicit when invoking it, avoid sharing confidential business details unless your agent and search settings allow that, and review any web-search-assisted customer-facing answers before publishing.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 89% confidence
Finding: The skill description is broad enough to match many ordinary operations-content requests, which increases the chance the agent invokes it in situations where its scope has not been clearly validated. Over-broad triggering can cause unintended use of web search or content generation in workflows that need tighter business, compliance, or review constraints.

Vague Triggers

Medium

Confidence: 87% confidence
Finding: The 'Use When' section is generic and lacks concrete trigger conditions, so the skill may be selected for loosely related business-operations work beyond FAQ generation. In context, this is more dangerous because the skill is customer-facing and supports external content, where mis-scoped use can produce inaccurate or unreviewed public answers.

VirusTotal

61/61 vendors flagged this skill as clean.

View on VirusTotal