Training Report

Security checks across malware telemetry and agentic risk

Overview

The skill appears purpose-aligned, with the main caution being careful handling of personal details in generated reports.

Before installing, decide whether names, contact details, or identifiable feedback are truly needed. Prefer anonymized or aggregated inputs, confirm who will receive any report, and avoid including sensitive personal observations unless there is clear consent and a clear purpose.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill explicitly solicits named individual feedback, background, starting level, behavior, and contact details, and may place them into a report without any built-in privacy notice, minimization rule, or consent check. In common workplace settings, this can lead to unnecessary collection and disclosure of personal or performance-related information, especially when reports are shared with management or external clients.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal