Back to skill

Security audit

Generate Roofing Contractor Client Education Handout

Security checks across malware telemetry and agentic risk

Overview

This appears to be a roofing handout generator, but it grants shell/file access and has mismatched installation/source references that users should review first.

Review before installing. Confirm which publisher and repository you trust, and avoid granting Bash or local file Read access unless you have a specific user-approved reason. Use it only for roofing client education materials you provide, and review generated handouts before sending them to clients.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
92% confidence
Finding
The skill description is generic enough that an agent could invoke it in situations beyond the author's intended scope, especially because it ends with an incomplete phrase ('Use when handling client education work for...'). Overly broad trigger text can cause misrouting or unintended execution, which is a real security/control issue in agent systems even when the underlying task is benign.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The 'Use When' section is too broad ('client education work for roofing owners, home service operators'), which may cause the skill to be selected for loosely related home-service tasks. In an agentic environment, ambiguous invocation boundaries increase the chance of inappropriate tool use or generation in the wrong context.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.