Data Analyst Partner

Security checks across malware telemetry and agentic risk

Overview

This skill is a plain-text analytics workflow that guides agents to use Grafana first and only escalate to ClickHouse queries when needed.

Installers should expect this skill to help with internal analytics and possibly query Grafana or ClickHouse through whatever tools and permissions the agent already has. Use it only where the agent is allowed to view the relevant business data, and review direct SQL or datasource-query steps before running them on sensitive production datasets.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 84% confidence
Finding: The skill description is very broad and uses common analytics-support phrasing such as dashboard numbers, metric explanations, follow-up analysis, reports, and dashboard clarification. That can cause over-invocation or accidental routing of many ordinary business questions into this skill, which increases the chance of inappropriate tool use, unnecessary data access, or bypassing more specialized skills. The context makes this somewhat more sensitive because the skill is explicitly allowed to escalate from Grafana to datasource queries and direct ClickHouse access.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal