Back to skill

Security audit

Fox Data Analyst

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent data-analysis helper, but it gives the agent write-capable database access without enough safety guidance or scoping.

Install only if you are comfortable giving the agent database-query capability. Use read-only or least-privilege database credentials by default, avoid putting passwords in shared prompt/config files, inspect every generated SQL statement before running it, and treat UPDATE, DELETE, INSERT, DROP, ALTER, and similar commands as live data changes that need backups and explicit approval.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The skill includes a direct `UPDATE products SET category = LOWER(TRIM(category));` example without clearly warning that it mutates source data. In a data-analysis skill, users may copy examples into production databases, causing unintended bulk modifications, data corruption, or irreversible normalization of business-critical fields.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The MySQL branch invokes `mysql $DB_CONNECTION -e "$query"` with the connection string unquoted, so shell metacharacters, spaces, or command substitutions in `DB_CONNECTION` can be interpreted by the shell before `mysql` runs. Because `DB_CONNECTION` is accepted from environment variables and the `--db` CLI flag, an attacker who can influence that value may achieve command injection or argument injection on the host running the skill.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.