Security audit

Model Pilot

Security checks across malware telemetry and agentic risk

Overview

This skill only gives model-choice and cost-saving advice, with disclosed live pricing lookups and no executable code or credential access.

Expect this skill to occasionally suggest cheaper models and to use live web lookups for current pricing. Review any separate 'install full suite' command carefully because it installs additional skills beyond this one.

SkillSpector

By NVIDIA

Vulnerability Patterns

Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (2)

Natural-Language Policy Violations

Low

Confidence: 95% confidence
Finding: The language policy says to detect the user's message language but then sets a default of English. Per the policy, forcing a specific language or locale without user opt-in can be a natural-language policy violation unless the user is explicitly offered a choice or the constraint is justified.

Credential Access

High

Category: Privilege Escalation
Content: - Does NOT switch models automatically — recommends only - Does NOT persist anything - Does NOT access credentials - Does NOT modify any files ## More by TommoT2
Confidence: 70% confidence
Finding: access credentials

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal