Security audit

Intelligence Brain

Security checks across malware telemetry and agentic risk

Overview

The skill is a coherent company-intelligence workflow, but it asks agents to automatically ingest, route, mirror, monitor, and delete business data without enough user-control safeguards.

Review before installing in any real company workspace. Use it only where the agent has explicit permission to read the listed business sources, send allowed classifications to external models or cloud documents, and clean up generated raw/parsed files. Disable or gate deletion and cloud mirroring unless retention, access control, and approval rules are already in place.

SkillSpector

By NVIDIA

Vulnerability Patterns

  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (4)

Vague Triggers

Severity: Medium
Confidence: 90%

Finding:
The trigger phrases are very broad and include generic terms such as '知识图谱' (knowledge graph), '决策支持' (decision support), 'AI大脑' (AI brain), and '信号处理' (signal processing), which can cause the skill to activate in many unrelated contexts. Because this skill includes aggressive collection, routing, inference, and deletion behavior, overbroad activation increases the chance of unintended invocation on sensitive enterprise content and can lead to unauthorized processing or accidental data handling.

Missing User Warnings

Severity: Medium
Confidence: 95%

Finding:
The skill explicitly defines a destructive retention policy in which original outputs are marked as consumed and cleaned within 24 hours, but the user-facing description does not present this as a prominent warning or require consent. In a skill designed to ingest cross-department files and external signals, silent or poorly disclosed deletion behavior can cause irreversible loss of business records, forensic evidence, or source material needed to validate the model's conclusions.

Missing User Warnings

Severity: Medium
Confidence: 92%

Finding:
The playbook prescribes automatic deletion of raw and parsed data on a fixed schedule, but it does not require confirmation, retention exceptions, backup validation, or user-visible warning about irreversible loss. In an intelligence pipeline handling reports, directives, feedback, and system events, this can destroy audit trails, evidence, or recoverable source context needed for verification, incident response, and compliance.

Missing User Warnings

Severity: Medium
Confidence: 88%

Finding:
The pipeline ingests potentially sensitive sources such as customer feedback, department reports, CEO directives, and system anomalies, then later routes processed outputs to shared folders without any privacy classification, minimization, access-control, or handling restrictions tied to those source types. In this skill's context, which explicitly acts as a company-wide intelligence engine, that omission increases the chance of oversharing confidential or regulated information across departments or exposing it to inappropriate downstream destinations.

VirusTotal

63/63 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.