03 Logistics Alert

Security checks across malware telemetry and agentic risk

Overview

This is mostly a logistics analysis template, but it also tells agents to update supplier risk records and trigger business actions without clear approval controls.

Install only if you want an advisory logistics-risk workflow and can add your own controls. Require human approval before supplier scoring, violation records, inter-skill handoffs, customer or carrier outreach, limit assessments, compensation execution, or pausing new orders; also verify the cited platform rules before using it on real cases.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence: 92%
Finding
The trigger section uses broad natural-language conditions such as asking about standards or compensation rules, pasting tracking text, or describing a package situation. In an agent environment, these loose triggers can cause the skill to activate on unrelated logistics-adjacent conversations, leading to unintended handling of sensitive order data or incorrect workflow takeover.

VirusTotal

65/65 vendors flagged this skill as clean.
