Audience Sentiment Intent Analyzer

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only skill for analyzing audience sentiment, and its sensitive API and message access is disclosed and aligned with that purpose.

Install only if you are authorized to analyze the connected accounts and messages. Use least-privilege API credentials, keep secrets out of prompts and repositories, restrict Slack alert destinations, and avoid processing DMs or email content without appropriate consent and retention controls.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (2)

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The skill explicitly ingests privacy-sensitive sources such as DMs, email, and Slack-connected alerts, but the user-facing overview does not clearly warn about handling personal or confidential data. In a sentiment-analysis skill, this omission increases the risk that operators process sensitive communications without appropriate consent, minimization, retention, or disclosure controls.

Missing User Warnings

Low

Confidence: 90% confidence
Finding: The configuration section requests multiple sensitive secrets, including API tokens, a service-account JSON path, and a Slack webhook, but does not include secure-handling guidance. This can lead users to store, share, or log credentials insecurely, increasing the chance of account compromise or unauthorized access to social, email, and notification systems.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal