Security audit

Construction Safety Inspection Checklist

Security checks across malware telemetry and agentic risk

Overview

This is a conversation-only construction safety inspection checklist with no code execution or hidden system access.

Install this if you want help running formal construction safety inspections. Confirm the agent is starting a full checklist before using it, avoid entering sensitive site details unless the chat environment is appropriate, and have a qualified HSE professional review classifications, corrective actions, and any Stop Work recommendation before relying on them.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 90% confidence
Finding: The activation criteria are broad enough to trigger on common safety-related phrases such as PPE compliance, housekeeping, or general site safety discussion, which can cause the skill to activate when the user did not intend to start a formal inspection workflow. In a safety context, unintended activation can lead to confusing or incorrect structured outputs, misfiled records, or user reliance on an incomplete inspection process.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.