Construction Daily Report Generator

Security checks across malware telemetry and agentic risk

Overview

This is a text-only construction reporting skill that formats user-provided site notes into a daily report without requesting code execution, credentials, persistence, or external access.

Safe to install for drafting construction daily site progress reports. Be mindful that the skill asks for operational and personnel details; avoid entering confidential project information unless you are comfortable having the agent process it, and clarify when a request is not construction-related.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 86% confidence
Finding: The skill's activation phrases include generic terms like "daily report," "site report," and rough-note/voice-transcription descriptions that may appear in ordinary conversation. This can cause unintended invocation, pulling the agent into a rigid reporting workflow and potentially causing it to elicit, structure, or retain project details when the user did not intend to use this skill.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal