Back to skill

Security audit

Board Pre Read

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward board pre-read writing template with no executable behavior or hidden access.

Installers should treat the content they provide as potentially sensitive board and company information, but the skill itself only structures user-provided material into a pre-read and does not ask for extra access or perform actions outside drafting.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence
80% confidence
Finding
The manifest description contains broad trigger phrases like 'prepare a board pre-read,' 'board update/package,' and 'pre-meeting materials for a board,' which could cause the skill to activate on loosely related requests. Over-broad activation can route user input into the wrong skill, leading to irrelevant behavior or unintended handling of sensitive business context, though this file does not contain obviously malicious logic.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.