Yq Industry Research Report

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This skill is a disclosed industry-report workflow that creates research files, charts, and DOCX/PDF reports, with no hidden executable payload or exfiltration behavior found.

Install this if you want a full research-report generator rather than a lightweight Q&A helper. Before using it on confidential or important projects, ask the agent to create outputs in a dedicated folder, avoid overwriting existing files, and confirm planned file writes first.

SkillSpector (1)

By NVIDIA

Missing User Warnings

Medium

Confidence: 90% confidence
Finding: The skill explicitly directs the agent to create and populate multiple files under docs/, data/, charts/, and memory/ as part of normal execution, but it does not require any user confirmation, safe output sandboxing, or checks against overwriting existing content. In an agent environment with filesystem access, this can lead to unintended data loss, workspace pollution, or overwriting user files if paths already exist or are symlinked/mapped to sensitive locations.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal