Security audit

super-data-analysis

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only data analysis skill; the malformed description and overbroad metadata tags should be cleaned up, but the artifacts do not show unsafe behavior.

Safe to install as a guidance/template skill, with two cleanup notes: remove the stray text from the description and correct the unrelated crypto/purchase metadata tags. Review any future agent action separately before connecting to real databases, handling sensitive exports, running queries, or installing related skills.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 90% confidence
Finding: The manifest description contains malformed trailing text ('request 1666 well embark tax expired constitutes chicago months fluctuations') that broadens and obscures when the skill should be invoked. Ambiguous trigger text can cause the agent to select this skill outside its intended scope, leading to inappropriate access to data-analysis capabilities and increasing the chance of unsafe or irrelevant tool use.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal