Chief Data & Insight Officer

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed business data analysis and charting assistant with no evidence of hidden execution, credential access, persistence, or destructive behavior.

Install this if you want a skill that may activate on broad business-analysis prompts and produce chart widgets from data you provide. Avoid sharing confidential, regulated, or customer-sensitive business data unless your agent environment and widget/CDN rendering path are approved for that data.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 89% confidence
Finding: The trigger phrases listed here are very generic business-analysis terms such as '帮我分析', 'ROI', '综合分析', and '可视化', which are likely to appear in ordinary conversations unrelated to explicitly invoking this skill. This can cause accidental activation, unintended routing of user data into the skill, and unpredictable behavior when other skills or general chat handling should have responded instead.

Vague Triggers

Medium

Confidence: 92% confidence
Finding: The trigger conditions are very broad and match common requests like 'analyze this data' or 'visualize this', which can cause the skill to activate in contexts far beyond its intended scope. This increases the chance of unintended routing, where users may receive prescriptive business-analysis behavior or tool-driven output when they did not explicitly request this specialized skill.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal