Bot Factory

Security checks across malware telemetry and agentic risk

Overview

This is a template-only skill for designing AI agents; it has broad trigger phrases but no code, credentials, or hidden system access.

Install risk is low because this is documentation, not runnable code. Users should be aware that its broad trigger phrases may activate it during ordinary agent-design conversations, and any future implementation of the suggested CRM, ERP, refund, CI/CD, or analytics integrations should be reviewed separately for credentials, permissions, and data access.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 94% confidence
Finding: The skill advertises very broad automatic triggers such as generic agent-, architecture-, design-, and template-related keywords. In an environment where skills can auto-activate based on user phrasing, this can cause unintended invocation, routing confusion, or accidental disclosure of context to the wrong skill, especially because these terms are common in normal conversations about AI workflows.

Vague Triggers

Medium

Confidence: 89% confidence
Finding: The manifest trigger "agent builder" is short and semantically broad, making it likely to overlap with ordinary user requests like "help me build an agent." This increases the chance of accidental activation or hijacking of unrelated requests, which is a real security and reliability concern in trigger-based skill ecosystems.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal