Llm As Judge

Security checks across malware telemetry and agentic risk

Overview

This is a coherent instructional skill for LLM evaluation that discloses cloud API use and has no hidden execution, but users should handle evaluation data and logs carefully.

Install this if you intend to run LLM evaluation workflows with external judge providers. Use scoped API keys with spending limits, confirm provider data-handling settings, and avoid logging raw prompts, source text, candidates, ground truth, or judge rationales unless the data is non-sensitive or logs are redacted, access-controlled, and retention-limited.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence: 93%
Finding
The guidance to "store raw judge responses for debugging score disputes" encourages logging full model outputs without any warning about sensitive, user-provided, or proprietary content that may appear in prompts, candidates, or judge rationales. In an evaluation pipeline, these logs can accumulate confidential data and create a secondary exposure surface through log stores, dashboards, backups, and support tooling.

VirusTotal

64/64 vendors flagged this skill as clean.
