Sa Copilot

Security checks across malware telemetry and agentic risk

Overview

This appears to be a purpose-aligned architecture/workflow assistance skill with clean malware telemetry, but its activation (trigger) language is broader than it needs to be.

Before installing, review the trigger phrases that activate the skill and the MCP tools they invoke. Avoid sharing confidential architecture, customer data, internal documents, credentials, or sensitive project paths unless you trust the remote MCP service and its data handling.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Severity: Medium
Confidence: 86%
Finding
The onboarding trigger is defined using very broad terms such as generic greetings and 'similar' messages, which can cause the skill to activate its guided workflow in conversations that did not clearly request it. In an agent setting with remote MCP connectivity, ambiguous activation increases the chance of unintended tool initialization, user confusion, and premature disclosure or collection of document paths and workflow state.

Vague Triggers

Severity: Medium
Confidence: 90%
Finding
The tool trigger keywords are broad and overlap with ordinary architecture discussion terms like 'architecture design' and 'design review', so normal conversation may be interpreted as a command to invoke MCP tools. Because these tools are remote and phase-driven, accidental invocation can lead to unintended external requests, workflow transitions, and exposure of project paths or sensitive architectural context.
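Both findings come down to the same check: a trigger phrase that is short, built only from everyday conversation words, or that explicitly invites fuzzy matching ("or similar messages") will fire on ordinary discussion rather than on an explicit request. The following lint is an added example of that check, written for this page; it is not SkillSpector's code and not part of the skill. The manifest layout (onboarding_triggers, tool_triggers), the generic-term list and the thresholds are assumptions, and the sample manifest is constructed to mirror the two findings above (greetings plus "similar", and bare "design review" / "architecture design" keywords).

```python
"""Lint skill trigger phrases for over-broad activation.

Added example for this page; not the scanner's or the skill's own code.
The manifest shape, term lists and thresholds below are assumptions.
"""
import re
from dataclasses import dataclass
from typing import Optional

WORD_RE = re.compile(r"[a-z0-9]+")

# Words that occur in ordinary conversation about architecture. A trigger
# made only of these matches discussion, not an explicit request. (Assumed list.)
GENERIC_TERMS = frozenset("""
hello hi hey there greetings help can you please similar etc like or and
the a an to for this that of on in with me my us our about
architecture design review system diagram discuss discussion talk
""".split())

# Tokens that invite the agent to match "anything like this".
FUZZY_MARKERS = frozenset({"similar", "etc", "anything", "any"})


@dataclass(frozen=True)
class TriggerFinding:
    scope: str      # "onboarding" or "tool:<name>"
    trigger: str    # the offending phrase as written in the manifest
    reason: str


def tokens(phrase: str) -> list:
    return WORD_RE.findall(phrase.lower())


def specificity(phrase: str) -> float:
    """Fraction of tokens that are not generic; 0.0 means entirely generic."""
    toks = tokens(phrase)
    if not toks:
        return 0.0
    return sum(t not in GENERIC_TERMS for t in toks) / len(toks)


def lint_trigger(scope: str, phrase: str, min_tokens: int = 3,
                 min_specificity: float = 0.34) -> Optional[TriggerFinding]:
    """Return a finding if the phrase is too vague to act as an activation command."""
    toks = tokens(phrase)
    if any(t in FUZZY_MARKERS for t in toks):
        return TriggerFinding(scope, phrase, "invites fuzzy matching ('similar'/'etc')")
    if len(toks) < min_tokens:
        return TriggerFinding(scope, phrase,
                              f"only {len(toks)} token(s); too short to express intent")
    if specificity(phrase) < min_specificity:
        return TriggerFinding(scope, phrase, "built entirely from generic conversation terms")
    return None


def lint_manifest(manifest: dict) -> list:
    """Run lint_trigger over every onboarding and per-tool trigger in a manifest."""
    findings = []
    for phrase in manifest.get("onboarding_triggers", []):
        f = lint_trigger("onboarding", phrase)
        if f:
            findings.append(f)
    for tool, phrases in manifest.get("tool_triggers", {}).items():
        for phrase in phrases:
            f = lint_trigger(f"tool:{tool}", phrase)
            if f:
                findings.append(f)
    return findings


# Constructed sample manifest (hypothetical skill, hypothetical tool names).
# The broad phrases mirror the two findings; the last phrase in each list
# shows the narrower, explicit-request form that passes the lint.
SKILL_MANIFEST = {
    "name": "example-architecture-skill",
    "onboarding_triggers": [
        "hello",
        "hi there",
        "hey, can you help?",
        "or similar greetings",
        "start the onboarding workflow for this project",
    ],
    "tool_triggers": {
        "design_review": [
            "design review",
            "architecture design",
            "run the design review checklist on this document",
        ],
        "phase_transition": [
            "next phase",
            "advance to the implementation phase",
        ],
    },
}

if __name__ == "__main__":
    for f in lint_manifest(SKILL_MANIFEST):
        print(f"[{f.scope}] {f.trigger!r}: {f.reason}")
```

On the sample manifest the lint flags the four greeting-style onboarding triggers and the three bare keyword tool triggers, while the explicit phrases ("start the onboarding workflow for this project", "run the design review checklist on this document", "advance to the implementation phase") pass. The practical remediation the findings point at is the same: replace keyword triggers with phrases that read as a request for the specific tool, and drop "or similar" style catch-alls so that remote MCP calls only happen when the user clearly asked for them.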

VirusTotal

64 of 64 vendors reported this skill as clean (no detections).

View on VirusTotal