Back to skill

Security audit

vke-decision-workflow

Security checks across malware telemetry and agentic risk

Overview

This skill is a structured workflow for creating local VKE decision documents and shows no hidden code, credential access, or data exfiltration.

Install this if you want an agent to organize VKE business-decision work into local evidence and report files. Use a dedicated case folder, make clear whether external research is allowed, and review proposed artifact changes if you only wanted analysis rather than file updates.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence
95% confidence
Finding
The skill can be implicitly invoked with a very broad description of turning a VKE request into decision artifacts, without clear boundaries on when it should activate or what inputs are in scope. This increases the chance of unintended activation on loosely related prompts, causing the agent to generate or modify sensitive business-analysis artifacts based on ambiguous or adversarial user input.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal

Static analysis

No suspicious patterns detected.