Prompt Evaluation
Security checks across malware telemetry and agentic risk
Overview
This is a documentation-only prompt evaluation skill with no executable code or hidden privileged behavior; the main caveat is that its example CLI script is not included.
Safe to install as a prompt-evaluation reference. Before running the example `node evaluate.js` commands, confirm which script will execute and that you trust its source, because this reviewed package does not include that implementation. Avoid putting secrets in prompt files or golden test sets if a separate evaluator sends them to an external model provider.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
65/65 vendors flagged this skill as clean.