Security audit

Bidding Doc Helper

Security checks across malware telemetry and agentic risk

Overview

This is a Markdown-only bidding document helper with disclosed, purpose-aligned document reading and no hidden execution, network, persistence, or credential behavior found.

Install if you want a Chinese-language assistant for bid-response frameworks and technical proposals. Be aware that tender files can contain confidential business and pricing information; only provide documents you are comfortable having the agent process, and confirm the task when the skill activates on broad bidding-related terms.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence: 93%
Finding
The trigger keywords are broad business terms such as '招标文件', '投标', '技术方案', and '评分标准', which can appear in ordinary discussion, document review, or advisory conversations. This can cause the skill to activate when the user did not intend document-generation behavior, leading to irrelevant responses, over-collection of uploaded files, or unintended processing of procurement content.

VirusTotal

64/64 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.