Security audit

network-engineer

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only network engineering skill whose broad infrastructure guidance matches its stated purpose, though real network changes should stay explicitly scoped and approved.

Safe to install as a guidance skill. Before letting it operate through cloud, DNS, firewall, routing, VPN, or monitoring tools, set a clear scope, require explicit approval for changes, use a change window and rollback plan, and share only the network details needed for the task.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 89% confidence
Finding: The skill's invocation and execution scope are broad and underspecified: it activates on generic network-engineering contexts and then proceeds to review architecture, analyze vulnerabilities, and implement solutions without clear guardrails. In an agentic environment, this ambiguity can cause the skill to run in unintended contexts, take overly broad actions, or influence security-sensitive network changes without explicit user confirmation.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.