Rudigta Search V1

Security checks across malware telemetry and agentic risk

Overview

This is a simple web-search skill whose broad internet-browsing behavior is disclosed and matches its stated purpose.

Install this only if you want a broad web-search and URL-browsing helper. Do not put secrets, private account details, or sensitive personal data into search queries or URLs, and treat browsed web content as untrusted.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 92% confidence
Finding: The skill is defined as a general-purpose internet search tool with effectively no topic boundaries, which creates an overly broad activation scope. In an agent setting, this can cause the skill to be invoked for sensitive, high-risk, or policy-restricted requests without additional narrowing, increasing the chance of unsafe retrieval, overreach, or misuse.

Natural-Language Policy Violations

Medium

Confidence: 84% confidence
Finding: The skill content is written as if Indonesian is the default interaction language ('Gunakan skill ini', 'Terima perintah'), without stating that language should follow user preference. This can cause mismatched-language responses, reduced user comprehension, and accidental mishandling of instructions, though it is more a quality and usability weakness than a direct security flaw.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal