Security audit

Booth Script Generator

Security checks across malware telemetry and agentic risk

Overview

This text-only skill generates trade-show booth scripts and is coherent, with the main caution being privacy and legal review for lead-capture language.

Safe to install as a drafting aid. Before using generated scripts at an event, add consent language for collecting emails or badge data, separate requested follow-up from marketing opt-in, and have legal/compliance review claims for regulated industries or named customer proof points.

SkillSpector

By NVIDIA

Vulnerability Patterns

Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (2)

Natural-Language Policy Violations

Low

Confidence: 85% confidence
Finding: The description embeds trigger phrases in several languages, but the file does not state whether responses should match the user's language or whether language selection is optional. This can create a locale-policy ambiguity because the skill advertises multilingual invocation without an explicit user-choice mechanism.

Autonomous Decision Making

Medium

Category: Excessive Agency
Content: - Surface the problem without leading ("What does your current process for X look like?") - Reveal timeline and urgency - Surface buying authority ("Is this something you'd evaluate with your team?") - Flag budget signals without asking directly about budget Bad qualification questions: - Yes/no questions that dead-end
Confidence: 75% confidence
Finding: without asking

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal