Security audit

Exhibitor Checklist Generator

Security checks across malware telemetry and agentic risk

Overview

This is a markdown-only trade show checklist skill; its lead-capture example touches personal data, but the behavior is disclosed, purpose-aligned, and not backed by code or hidden execution.

Safe to install as a planning checklist skill. Before using generated lead-capture tasks, make sure your event team has permission to scan badges, stores exported lead lists securely, limits retention, and follows event terms and applicable privacy rules.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: This markdown file includes lead capture, note-taking, CRM transfer, and final export of scanned visitor data, which can affect user privacy and regulated personal data handling. Under SQP-2 for markdown files, the description should warn users about privacy, consent, retention, or compliance considerations when collecting and exporting attendee information.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal