Research Company

Security checks across malware telemetry and agentic risk

Overview

This skill researches public company information online and creates a PDF report, with no evidence of hidden data access, exfiltration, or persistence.

Install only if you are comfortable with the agent searching the web, installing ReportLab if missing, writing a temporary JSON file, and saving a PDF in your workspace. Verify important business claims and sources before relying on the report.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence: 89%
Finding
The invocation text is broad enough to match generic requests like analyzing a business or creating an account profile, which can cause the skill to trigger outside its narrow intended use. Because the skill performs external searches and writes PDFs, overbroad activation can lead to unnecessary network activity, unintended file generation, and accidental processing of user-provided URLs or targets without clear consent.

Missing User Warnings

Medium
Confidence: 92%
Finding
The workflow directs the agent to perform web fetches/searches and write a JSON file plus a PDF, but the user-facing description does not clearly warn that network access and file creation will occur. This reduces informed consent and can surprise users with external data retrieval or persistent artifacts in the workspace, especially if the skill auto-invokes from a loosely matched prompt.

VirusTotal

66/66 vendors flagged this skill as clean.
