Plan Challenger Model Rollout

Security checks across malware telemetry and agentic risk

Overview

This is a planning-only sales rollout skill that writes a local plan and does not install code or send data, but employee assessment details should be handled as sensitive.

Install only if you are comfortable using the agent for sensitive sales-organization planning. Avoid entering employee names, performance tiers, manager diagnoses, or attrition notes unless the output file will be stored and shared under appropriate internal confidentiality controls; aggregated or pseudonymous identifiers are safer when names are not necessary.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The template explicitly asks for "count and names" of inactive Challengers and other employee assessment outputs, which can create a file containing identifiable performance/profile data without any minimization, access-control, or sensitivity guidance. In an enterprise setting, this risks unnecessary disclosure of HR-adjacent assessment information, especially if the artifact is broadly shared or stored in insecure locations.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal