
Security audit

brand knowledge base

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed brand-document processing tool that sends user-selected files to a configured LLM provider and writes generated brand knowledge outputs locally.

Install only if you are comfortable sending the selected brand documents and intake content to the OpenAI-compatible provider configured by OPENAI_BASE_URL. Do not provide confidential, regulated, customer-sensitive, or secret-containing documents unless that provider is approved for them. Note also that the output directory may include a local source_bundle.md copy of the submitted materials, so the same handling rules apply to that directory as to the originals.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding
The skill compiles the uploaded source materials and sends them to an external LLM API for extraction, analysis, and asset generation, but this file shows no user-facing consent, warning, or data-classification gate before transmission. If users provide sensitive brand documents, internal contact data, customer cases, or confidential strategy materials, those contents are disclosed to a third-party service without the user expecting it, creating a privacy and confidentiality risk.
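The gate this finding says is missing would sit between file selection and the API call. The following is an added example of what such a gate can look like; it is not the skill's own code. It assumes documents are plain-text strings, that the provider is chosen by OPENAI_BASE_URL as the overview states, and it uses an illustrative provider allowlist and a handful of illustrative secret and contact-data patterns (real deployments would use a dedicated secret scanner and the organisation's own classification rules). Secret-like content always blocks; contact data is allowed only with explicit consent; an unapproved or non-HTTPS provider always blocks.

```python
"""Hypothetical pre-transmission gate for a brand-document skill.

Not the skill's code. Assumes: documents are {name: text}, the provider is
selected by OPENAI_BASE_URL, and the allowlist and patterns below are
illustrative stand-ins for an organisation's own policy.
"""
import os
import re
from dataclasses import dataclass, field
from urllib.parse import urlparse

# Assumed allowlist of provider hosts approved to receive brand material.
APPROVED_PROVIDER_HOSTS = {"api.openai.com"}

# Illustrative indicators. "secret" hits block unconditionally;
# "contact" hits require consent because they may be personal data.
SECRET_PATTERNS = {
    "openai_key": re.compile(r"\bsk-[A-Za-z0-9_-]{20,}\b"),
    "aws_access_key": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "private_key": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
}
CONTACT_PATTERNS = {
    "email": re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.-]+\b"),
}


@dataclass
class GateResult:
    allowed: bool
    reasons: list = field(default_factory=list)   # why transmission was refused
    hits: dict = field(default_factory=dict)      # {doc: {pattern: count}}


def provider_is_approved(base_url: str) -> bool:
    """Accept only HTTPS endpoints whose host is on the allowlist."""
    u = urlparse(base_url or "")
    return u.scheme == "https" and u.hostname in APPROVED_PROVIDER_HOSTS


def classify(text: str) -> dict:
    """Return {pattern_name: match_count} for every pattern that fires."""
    hits = {}
    for table in (SECRET_PATTERNS, CONTACT_PATTERNS):
        for name, pattern in table.items():
            n = len(pattern.findall(text))
            if n:
                hits[name] = n
    return hits


def gate(documents: dict, base_url: str, user_consented: bool) -> GateResult:
    """Decide whether the selected documents may be sent to base_url.

    The decision is made before any network call, and the reasons list is
    what the user should see instead of a silent upload.
    """
    result = GateResult(allowed=True)
    host = urlparse(base_url or "").hostname
    if not provider_is_approved(base_url):
        result.allowed = False
        result.reasons.append(f"provider not approved or not https: {base_url!r}")
    for name, text in documents.items():
        hits = classify(text)
        if hits:
            result.hits[name] = hits
    secret_docs = [d for d, h in result.hits.items() if set(h) & set(SECRET_PATTERNS)]
    if secret_docs:
        result.allowed = False
        result.reasons.append(f"secret-like content in {secret_docs}; remove it before submitting")
    if not user_consented:
        result.allowed = False
        result.reasons.append(f"no explicit consent recorded for sending documents to {host}")
    return result


if __name__ == "__main__":
    # Constructed sample input; the key below is a fake pattern match, not a real credential.
    docs = {
        "brand-voice.md": "Our tone is friendly and direct. Press contact: press@example.com.",
        "notes.txt": "provider token sk-abcdefghijklmnopqrstuvwxyz0123",
    }
    base = os.environ.get("OPENAI_BASE_URL", "https://api.openai.com/v1")
    verdict = gate(docs, base, user_consented=True)
    print("allowed:", verdict.allowed)
    for r in verdict.reasons:
        print(" -", r)
```

Because the page also notes that source_bundle.md copies the submitted material to disk, the same `classify` result is a reasonable input for deciding whether that local bundle should be written at all, or written with the flagged spans redacted.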

Natural-Language Policy Violations

Severity: Medium
Confidence: 96%
Finding
The prompt hard-codes Chinese output for FAQ generation without any user-language negotiation or documented business need. In a reusable skill this can cause unintended language switching, reduce usability for non-Chinese users, and lead downstream systems to publish or train on content in the wrong language, creating operational and trust issues.

VirusTotal

66/66 vendors flagged this skill as clean.


Static analysis

No suspicious patterns detected.