Back to skill

Security audit

Community Management Playbook

Security checks across malware telemetry and agentic risk

Overview

This is a non-executable community management playbook skill with a privacy guidance gap, but no hidden behavior or unsafe automation.

Before using this playbook operationally, adapt the DM templates to your privacy policy: collect only what support truly needs, avoid sensitive personal or payment data in social DMs, redact screenshots where possible, and move identity or account issues to an approved secure support form or ticketing system.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The skill repeatedly instructs community managers to move complaints into DMs and request details such as order numbers, account emails, and screenshots, but it provides no guidance on data minimization, secure handling, retention, or avoiding collection of unnecessary personal data over social platforms. In a real workflow, this can normalize collecting customer data through insecure or poorly governed channels, increasing privacy, compliance, and account-compromise risk.

VirusTotal

57/57 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.