Back to skill

Security audit

Patent Gap Supply Chain

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed research workflow for public competitive-intelligence analysis, with no code, persistence, or hidden install behavior found.

Install only if you want an agent to perform competitive-intelligence research using public patent, corporate, procurement, hiring, and teardown information. Treat outputs as hypotheses unless independently verified, especially for stock or supplier decisions, and be aware that some referenced detail files are not included in this artifact.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
90% confidence
Finding
The skill metadata contains very broad trigger terms such as competitive intelligence, industry analysis, supplier identification, and stock research, which can cause the skill to activate in many loosely related contexts. In an agent setting, overbroad activation increases the chance the workflow is invoked when the user did not intend supply-chain inference, leading to irrelevant or unnecessarily sensitive data collection and analysis.

Vague Triggers

Medium
Confidence
92% confidence
Finding
The 'When to Use' section expands applicability across multiple sectors and includes generic conditions like industry analysis, supply-chain mapping, and suspected technology use, without sufficiently strict exclusion rules. Although Step 0 adds some applicability checks, the activation guidance is still broad enough that an agent may select this skill for weak matches, producing speculative intelligence outputs in contexts where evidence quality is low.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.