Back to skill

Security audit

Cs Escalation Brief

Security checks across malware telemetry and agentic risk

Overview

This is a markdown-only skill for drafting internal customer escalation briefs, and its sensitive inputs are aligned with that purpose.

Installers should treat outputs as internal business documents and provide only information they are authorized to share. Redact unnecessary personal data, avoid secrets or regulated data, and limit distribution to stakeholders who need the escalation brief.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill explicitly asks for sensitive customer and business information such as account name, ARR, renewal date, named contacts, escalation details, and churn risk, but provides no guidance on data minimization, redaction, access control, or safe handling. In a customer-escalation context, users may paste confidential CRM, contractual, or personal information directly into the model, increasing the risk of unnecessary exposure, overcollection, and improper downstream sharing.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.