Back to skill

Security audit

CAD洞察专家

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed CAD drawing analysis guide that uses local file reading and Python execution in ways that fit its stated purpose.

Install this if you want an agent to process local engineering drawings. Be aware it may read project drawing files and run Python-based parsing/OCR tooling, so use it only on files you are comfortable analyzing in your agent environment and confirm intent when a request only casually mentions generic terms like PDF or CAD.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence
96% confidence
Finding
The trigger list includes many generic terms such as "PDF", "DWG", "CAD", "drawing", and "dimension" that are common in ordinary engineering and document-related conversations. In an agent platform, this can cause accidental skill invocation on unrelated user requests, broadening the attack surface and potentially causing untrusted files to be processed or `exec`-capable behavior to activate unexpectedly.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.