Search Synthesis Expert

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward web research skill that tells the agent to search the web and summarize sources, with no hidden code, persistence, or credential use found.

Install this only if you are comfortable with an agent using browser automation to send search queries and visit third-party websites. Avoid giving it confidential prompts, internal project names, credentials, or sensitive personal data unless you are comfortable with those terms appearing in search engines or target sites.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: The skill explicitly instructs browser automation to open search engines, submit queries, click links, and extract content, but it does not warn the user that their prompts or derived search terms may be transmitted to third-party websites. This can expose sensitive user data, internal project details, or research intent over the network without clear consent, especially because the skill is designed for broad web collection across multiple sources.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal