General Industry Research Assistant

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only industry research helper with no hidden code, credential use, persistence, or destructive behavior.

Installers should expect this skill to help structure industry and market research reports. For ambiguous requests, confirm the target industry, geography, timeframe, and research purpose before using it, and verify any sourced market data independently.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 90% confidence
Finding: The skill advertises very broad trigger phrases such as 'industry research', 'market research', 'competitive analysis', and 'industry report', which can match many generic user requests and cause the skill to be invoked when a more specific or better-scoped skill would be appropriate. This is not directly code-execution dangerous, but it can lead to unintended activation, overbroad handling of requests, and routing errors that increase the chance of incorrect outputs or misuse in larger agent workflows.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal