Back to skill

Security audit

Research Brief

Security checks across malware telemetry and agentic risk

Overview

This skill is a transparent research workflow that asks agents to save a visible draft file early and update it during research.

Install this if you want research agents to create a draft brief immediately and update it as they work. Use an explicit output path and avoid existing filenames if accidental file creation or overwrites would matter.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The skill explicitly instructs the agent to make its first tool call a file write and to continue modifying the file throughout the task, but it does not require user confirmation, sandboxing, or constraints on write location. In an agent environment with filesystem tools, this can cause unintended disk writes, overwrites, or persistence of partial/sensitive research artifacts, especially if the agent applies the rule broadly across tasks.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.