Forensic Audit Roadmap

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward external API skill for generating forensic-audit career roadmaps, with disclosed profile/session fields but no local execution or hidden privileges.

Install only if you are comfortable sending career assessment details to the provider. Use pseudonymous or short-lived session identifiers where possible, omit the optional userId unless persistent profile tracking is needed, and avoid submitting confidential employer, client, incident, or investigation details.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 90% confidence
Finding: The sample request includes persistent identifiers such as sessionId and userId alongside detailed career-assessment data, but the skill provides no privacy notice, retention guidance, minimization rationale, or warning that this data may be logged or transmitted to a third-party API. This creates a real privacy and tracking risk because consumers may copy the example directly into production workflows and expose linkable user metadata without informed consent or data-handling controls.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal