Security audit

WAPC Submission

Security checks across malware telemetry and agentic risk

Overview

This skill is a purpose-specific workflow for submitting WAPC award applications, with disclosed screenshot uploads and applicant-data submission that fit its stated function.

Install only if you want an agent to work inside your LoTW and mulandxc.com sessions, capture QSO evidence screenshots, upload them to the WAPC site, and submit applicant details. Review the selected screenshots and personal fields before the final save or submit step.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (2)

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: The workflow instructs the agent to upload local screenshot evidence files to a third-party site without any explicit user consent, privacy notice, or confirmation that the files contain only intended data. Because screenshots can include call signs, timestamps, account details, or unrelated desktop content, this creates a real risk of unintended data disclosure during automated submission.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The workflow automates submission of privacy-sensitive applicant information such as name, phone number, address, and callsign to a remote endpoint without any warning, minimization guidance, or consent checkpoint. This is dangerous because it enables silent transmission of personally identifiable information and increases the chance of overcollection, misdelivery, or misuse if the workflow is run in the wrong context.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal