Security audit

标书自用调整

Security checks across malware telemetry and agentic risk

Overview

This is a bid and tender document-writing guide with no active code or hidden system access found, though its activation language could be tighter.

Use this skill for actual bid, tender, or procurement proposal work. Treat tender files, pricing, qualifications, and competitor analysis as sensitive business information, and have legal or procurement staff verify compliance claims and commitments before submission.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 91% confidence
Finding: The skill description and invocation guidance are broad enough to activate on many ordinary bidding, document-writing, and analysis requests without clear scoping limits. Over-broad triggering can cause unintended routing of user tasks into a powerful domain-specific skill, increasing the chance of mishandling sensitive procurement data, giving unreviewed compliance advice, or interfering with safer/default assistant behavior.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal