Back to skill

Security audit

gpt

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only skill for using RunAPI as an OpenAI-compatible GPT and embeddings provider.

Install this only if you intend to use RunAPI as the OpenAI-compatible provider. Configure a RunAPI token, set the base URL deliberately, and avoid using it for requests where prompts, files, or embeddings should not be sent to RunAPI.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence
85% confidence
Finding
The skill description is very broad and is likely to match a wide range of generic LLM-related user requests, causing this skill to be invoked in situations where a narrower or more appropriate skill should be selected. In an agent system, over-broad routing can expose secrets such as API keys to unnecessary third-party endpoints, increase unintended external data transfer, and create policy bypass or mis-execution risks.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.