Data Pipeline Builder

Security checks across malware telemetry and agentic risk

Overview

This is a small instruction-only ETL skill that openly describes data pipeline work and does not include hidden code or automatic execution.

Install only if you intend to let an agent help design or run ETL workflows. Before using it with live systems, confirm exact sources and destinations, use least-privilege credentials, review transformations, prefer dry runs or non-production data first, and require explicit approval before writes or scheduled jobs.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: This skill is explicitly designed to move data between databases, APIs, cloud storage, and file systems, but the description provides no warnings about sensitive data handling, credential use, trust boundaries, or external data exfiltration risks. In an agent context, that omission is dangerous because users may invoke cross-system transfers without understanding that the skill can propagate confidential data, overwrite destinations, or connect to untrusted endpoints.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal