Back to skill

Security audit

Daily Report Generator

Security checks across malware telemetry and agentic risk

Overview

This work-report skill appears useful and not malicious, but it can broadly gather local work history and prepare it for external sharing with unclear consent boundaries.

Install only if you want the agent to inspect local work records to draft reports. Before use, specify exact source files or date ranges, review the full generated report before sharing, exclude sensitive repositories or memory logs, and require explicit confirmation before anything is sent or formatted for Feishu.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (7)

Vague Triggers

Medium
Confidence
87% confidence
Finding
The trigger phrases are broad enough to match ordinary workplace language such as asking what was done today or requesting a summary, which increases the chance of accidental activation. In this skill, accidental activation is risky because the advertised behavior includes automatic reading of logs, memory files, and Git history, potentially exposing internal work information without a clearly intentional user request.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The example invocations are open-ended and do not clearly signal that the skill may automatically inspect local work artifacts. That ambiguity makes it more likely a user will trigger broad data collection and summarization unintentionally, which can surface sensitive project details into a generated report.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill prominently advertises zero-input automatic collection from work logs, memory files, Git records, and project files, but does not provide a clear warning or consent boundary for that access. In context, this is dangerous because users may not realize the breadth of data being scanned and summarized, leading to inadvertent disclosure of confidential internal information.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
Offering direct Feishu output without a prominent warning creates a realistic exfiltration path for internal data collected from memory, logs, and repositories. Once sensitive report content is formatted for external posting, users may share confidential operational details, customer data, or source-code-derived information beyond the intended boundary.

Ssd 3

Medium
Confidence
96% confidence
Finding
The instructions encourage automatic inclusion of content from memory, logs, Git records, and project files, then mention sending the result to Feishu. This creates a natural-language data leakage channel where sensitive internal material can be aggregated and exported in a polished report without strong user awareness or filtering.

Ssd 3

Medium
Confidence
94% confidence
Finding
Weekly and monthly aggregation instructions direct the system to read and summarize broad historical memory files across multiple days or an entire month. This increases the likelihood that old, sensitive, or irrelevant information will be pulled into a report, magnifying confidentiality risk through aggregation over time.

Ssd 3

Medium
Confidence
96% confidence
Finding
The data-collection section instructs broad scanning across memory logs, long-term memory, task status, Git history, project files, and user-provided content. In this context, that breadth materially increases the attack surface for overcollection and accidental disclosure, because multiple sensitive sources can be merged into a single natural-language artifact that is easy to share onward.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.