Back to skill

Security audit

Portfolio Matrix

Security checks across malware telemetry and agentic risk

Overview

This is a read-only business planning framework for ranking projects, with no code, credentials, network access, or persistence.

Safe to install from the reviewed artifacts. Treat outputs as advisory business analysis, verify NPV and risk assumptions independently, and be aware that broad trigger terms may invoke the skill during general prioritization discussions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence
95% confidence
Finding
The trigger list includes generic terms such as 'NPV' and 'prioritization' that are common in normal business conversations, so the skill could be invoked unintentionally in contexts where the user did not explicitly request this framework. This can cause inappropriate routing, confusing outputs, or interference with other skills, though it does not appear to enable direct code execution or data exfiltration.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.