Back to skill

Security audit

ai-staff-agent

Security checks across malware telemetry and agentic risk

Overview

This is a coherent productivity skill that can create files and use web research, but those behaviors are disclosed and match its stated purpose.

Install this if you want an agent that actively produces project files, cleaned datasets, copy, and research notes. Before using it, confirm exact output paths, ask for previews or diffs before writes, and avoid confidential data in web-research tasks unless that exposure is acceptable.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

High
Confidence
93% confidence
Finding
The skill's trigger criteria are extremely broad, covering generic requests like scaffolding, research, data wrangling, and production-ready output without strong boundary checks. This can cause the agent to activate inappropriately on common user prompts and perform unintended actions such as generating files, reading project context, or initiating downstream workflow steps the user did not explicitly request.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The standalone trigger guidance uses vague phrases like 'check this', 'review', 'verify', or 'make sure this is ready', which are common in ordinary conversation and can lead to incorrect skill routing. While this is less severe than direct code execution, it can still misapply the skill chain and trigger QA handoff behavior without sufficient contextual constraints.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill explicitly instructs saving generated code and cleaned outputs to user-accessible filesystem paths, but it does not require notifying the user or obtaining confirmation before modifying files. In practice, this creates a risk of unintended overwrites, silent data alteration, or writing artifacts to sensitive project locations, especially when combined with the broad activation criteria in this skill.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.