Back to skill

Security audit

Import Product Investigator

Security checks across malware telemetry and agentic risk

Overview

This skill has a coherent consumer-protection purpose, but it automatically saves product photos, receipts, payment records, and browsing screenshots locally without clear consent or retention controls.

Install only if you are comfortable with the agent saving an evidence folder on your machine. Before using it, avoid uploading receipts or payment records unless needed, redact names, addresses, order IDs, and card details, and delete the generated evidence package when the investigation is finished.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (6)

Description-Behavior Mismatch

Medium
Confidence
94% confidence
Finding
The skill claims to rely on public-information tracing, but it also instructs automatic collection and local storage of user-uploaded photos and purchase evidence, which may contain personal or financial data. This expands the data-handling scope beyond what is necessary for the stated purpose and creates avoidable privacy and retention risk if the files are stored without explicit consent, minimization, or deletion controls.

Context-Inappropriate Capability

Medium
Confidence
96% confidence
Finding
The fixed local evidence-bag workflow persistently stores screenshots, packaging images, receipts, and other artifacts under a predictable path, even when long-term retention is not essential to answer the user's question. Predictable persistent storage increases the chance of unintended exposure, overcollection, and cross-session data leakage, especially on shared or multi-tenant systems.

Vague Triggers

High
Confidence
92% confidence
Finding
Automatically activating the skill on any product image is overly broad and can cause the system to process and potentially store images without clear user intent. In this skill, that danger is amplified because later sections instruct automatic evidence saving, so an ambiguous trigger can lead directly to unconsented handling of potentially sensitive images.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill explicitly directs automatic saving of user-uploaded images to a local evidence directory without a just-in-time warning or consent prompt. User images may include personal surroundings, addresses, serial numbers, or other sensitive metadata, so silent persistence creates privacy and data-governance risk.

Missing User Warnings

High
Confidence
98% confidence
Finding
Receipts and payment records commonly contain names, phone numbers, partial card/account details, addresses, order IDs, and merchant information. Directing collection and storage of such records without explicit upfront notice, minimization, and protection materially increases the risk of exposing sensitive personal and financial data.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
Automatic directory creation and continuous screenshot capture create persistent artifacts of browsing and investigation activity without a clear user-facing warning. These screenshots may capture personal data, account identifiers, or unrelated page content from third-party sites, expanding privacy exposure beyond the skill's core purpose.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal

Static analysis

No suspicious patterns detected.