Investment Assistant Agent

Security checks across malware telemetry and agentic risk

Overview

This is a text-only leasing assistant skill with disclosed business-support guidance and no code execution, credential use, persistence, or data exfiltration behavior.

Install if you want a drafting and reference assistant for this leasing workflow. Use it with approved internal park data, verify prices/policies before sharing, and require human review before sending customer-facing messages or using customer-specific information.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence: 89%
Finding
The slogan '查房源 → 问Agent;有异议 → 问Agent;写东西 → 问Agent;该跟进 → 问Agent' (in English: "Check listings → ask the Agent; have an objection → ask the Agent; writing something → ask the Agent; time to follow up → ask the Agent") creates an overly broad trigger surface for invoking the skill across many ordinary work requests. In an agent ecosystem, this can cause the skill to be selected outside its narrowly intended scope, increasing the chance that it handles requests involving sensitive business communications, customer data, or unsupported tasks without explicit user intent.

VirusTotal

64/64 vendors flagged this skill as clean.
