Back to skill

Security audit

compliance-auditor

Security checks across malware telemetry and agentic risk

Overview

This is a checklist-style compliance auditing skill with no executable code or hidden access, though its trigger wording is broad and users should avoid sharing unnecessary sensitive data.

Safe to install as a drafting aid for compliance checklists and audit reports. Treat its outputs as draft guidance, verify legal or regulatory conclusions with qualified professionals, and avoid pasting unnecessary real PII, PHI, payment-card data, secrets, or confidential business records.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence
84% confidence
Finding
The manifest description uses very broad invocation cues such as regulatory expertise, audit types, data subject rights, consent management, and data processing, which can cause the skill to trigger on many ordinary compliance-related requests without clear scoping. Over-broad routing can misapply this skill in contexts where a narrower or jurisdiction-specific tool is needed, increasing the chance of incorrect guidance, overcollection of sensitive context, or unintended handling of regulated topics.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.