Ba Copilot

Security checks across malware telemetry and agentic risk

Overview

This skill is a requirements-analysis assistant that clearly discloses its remote MCP service and its behavior is aligned with producing BA documents.

Before installing, be aware that requirements and related business details may be sent to the listed remote MCP service. Avoid submitting confidential product plans, regulated data, customer data, or internal compliance materials unless you trust that service and its data handling terms.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 78% confidence
Finding: The trigger keywords are broad and include generic phrases like 'help me analyze' and 'I want to build a XX system,' which can cause unintended tool invocation. In an agentic environment, accidental activation of remote MCP-backed tools can transmit user content to external services or start multi-step workflows without sufficiently explicit user intent.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal