Generate Mortgage Broker Team Client Education Handout
Security checks across malware telemetry and agentic risk
Overview
This skill appears to be a mortgage handout generator, but it asks for local file and shell access that is not explained by that purpose.
Review before installing. If you use it, restrict or remove Bash and Read unless you specifically want the agent to inspect local files or run commands, verify the package/repository identity before manual installation, and avoid providing confidential borrower data unless your privacy and compliance workflow allows it.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
63/63 vendors flagged this skill as clean.