Security audit

Chatbot Designer

Security checks across malware telemetry and agentic risk

Overview

The skill appears to be a customer-support chatbot guide, but its handoff instructions may expose full conversations and customer/order details without clear consent or minimization controls.

Review this skill before installing or using it in a real support workflow. Add explicit user consent before escalation, share only the minimum needed ticket context, redact sensitive fields, restrict access to handoff data, and require clear order identification plus confirmation before any cancellation-related action.

SkillSpector (by NVIDIA)

Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Vague Triggers
Severity: Medium | Confidence: 89%

Finding:
The phrase "help me" is listed as an automatic escalation trigger, which is overly broad and likely to match many ordinary customer messages that do not actually request human handoff. In this skill's chatbot context, that can cause unintended escalations, reduced containment, and unnecessary sharing of conversation context with human agents.

Missing User Warnings
Severity: Medium | Confidence: 84%

Finding:
The skill recommends pre-filling tickets with full conversation transcripts and sending notifications to email without explicitly instructing the designer to warn users or minimize shared data. In a customer-support setting, transcripts can contain order details, contact information, and other personal data, so silent forwarding increases privacy and data-handling risk.

Missing User Warnings
Severity: Medium | Confidence: 94%

Finding:
The playbook instructs the bot to pre-fill tickets with customer contact details, order numbers, collected data, sentiment, and the full chat transcript, but it provides no minimization, consent, retention, or access-control guidance. In a customer service context this can expose personal and transactional data to unnecessary recipients or systems, increasing privacy, compliance, and insider-misuse risk.

Vague Triggers
Severity: Medium | Confidence: 93%

Finding:
The Shipping Delay intent includes very broad keywords such as "where" and "late," which are common in many unrelated customer messages. In an ecommerce support chatbot, this can cause incorrect intent routing, leading the bot to fetch or discuss order information when the user meant something else, degrading reliability and potentially exposing order-related context unnecessarily.

Vague Triggers
Severity: Medium | Confidence: 89%

Finding:
The Cancellation Request intent uses broad triggers like "cancel" and "change my mind" without restricting them to order-cancellation context. In a customer service chatbot, this can misclassify unrelated requests and may initiate or suggest destructive account or order actions based on ambiguous language.

Missing User Warnings
Severity: Medium | Confidence: 95%

Finding:
The escalation templates say the chatbot will share the entire conversation and use the customer's email for follow-up, but they do not ask for consent or provide a privacy notice. In this ecommerce context, conversations may contain order numbers, addresses, email addresses, and other personal data, so automatic sharing can create unnecessary privacy exposure and compliance risk.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal