Estimate Builder

Security checks across malware telemetry and agentic risk

Overview

This appears to be an estimate-building skill whose file-writing behavior is expected for exporting spreadsheets, with no artifact-backed evidence of deception, exfiltration, or persistence.

Before installing, confirm you are comfortable with the skill writing spreadsheet exports to paths you request. Specify the output folder and currency explicitly for sensitive business documents, and avoid directing exports to system or configuration paths.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Natural-Language Policy Violations

Low

Confidence: 92% confidence
Finding: The instruction 'Use USD unless user specifies otherwise' imposes a default locale/currency convention that may conflict with organizational language/locale policies when users have not opted in. The file does not justify the USD default as region-specific or otherwise constrained.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal