Security audit

Insight Finder

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only data analysis skill that appears purpose-aligned, with the main caution being that it may activate on broad data-analysis requests or pasted tabular content.

Install this if you want an agent to help analyze datasets and generate structured statistical reports. Avoid pasting or pointing it at confidential, regulated, or production data unless you are comfortable with your agent processing that content, and review results because statistical findings may be hypotheses rather than proven causes.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 92% confidence
Finding: The auto-activation conditions are broad enough to match ordinary user requests such as 'analyze this data' or the presence of tabular text, which can cause the skill to engage unexpectedly. This creates prompt-routing and scope-confusion risk: the agent may invoke this skill when the user did not explicitly intend it, potentially changing behavior, output format, or handling of sensitive data.

Natural-Language Policy Violations

Medium

Confidence: 83% confidence
Finding: The description specifies Chinese-language behavior without indicating that output should follow the user's language preference. While not a direct security exploit, forced language can mislead users, reduce transparency of findings, and interfere with review or downstream safety controls that assume user-aligned language.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal