Dialogflow Cx Nlu

Security checks across malware telemetry and agentic risk

Overview

The skill matches its Dialogflow CX management purpose, but it can directly delete production NLU resources without a confirmation or dry-run safeguard.

Install only if you are comfortable giving it Dialogflow access. Use least-privilege Google Cloud credentials scoped to the intended project or agent, double-check full resource names before update or delete commands, and export or back up production agents before using destructive operations.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The CLI exposes a destructive delete operation for intents and performs it immediately with no confirmation prompt, dry-run mode, or safeguard. In a tool that manages production Dialogflow CX resources, a mistyped resource name, scripting mistake, or accidental invocation can permanently remove NLU configuration and disrupt bot behavior.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The entity type deletion command is also destructive and executes without any pre-action warning or confirmation. Because entity types are core NLU assets, accidental deletion can break intent matching, parameter extraction, and downstream conversation flows in a deployed agent.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal