Report Generator

Security checks across malware telemetry and agentic risk

Overview

This is a prompt-only weekly report generator; it may lead users to share sensitive work details, but it does not run code or access data on its own.

Use this only with an AI service your organization permits. Before pasting work updates, remove confidential company information, real names, customer identifiers, exact financials, HR records, source code, credentials, and unreleased business details unless you are authorized to share them.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill explicitly instructs users to paste detailed weekly work information, and its examples/templates encourage inclusion of project status, blockers, metrics, customer data, personnel data, and financial details. Without any privacy warning, minimization guidance, or redaction instructions, users may disclose sensitive business, personal, or confidential information to an AI system unintentionally.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal