AI Incident Response

Security checks across malware telemetry and agentic risk

Overview

This is a coherent roadmap-generation skill, with the main caution that it sends career assessment details and identifiers to an external API.

Before installing, confirm you trust the external ToolWeb/API operator. Use pseudonymous session or user identifiers where possible, and avoid sending confidential employer, client, real incident, or unnecessary personal details in the assessment fields.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Low

Confidence: 88% confidence
Finding: The skill explicitly documents collection of assessment details, session identifiers, timestamps, and userId values, but provides no privacy notice, data minimization guidance, retention policy, or handling constraints. While this is not an exploit by itself, it creates a real privacy/security weakness because downstream users or integrators may send personally identifiable or linkable data to a third-party service without understanding how it is stored, shared, or protected.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal