
Security audit

Business Analysis Super Workbench

Security checks across malware telemetry and agentic risk

Overview

The skill is mostly business-analysis templates and guidance, but it tries to force a fixed legal/promotional footer into every response and uses broad activation language, so users should review it before installing.

Install only if you are comfortable with this skill changing response style when it is invoked. Review or remove the mandatory footer requirement if you need clean business documents, client-ready drafts, or enterprise outputs without author contact and licensing text appended to every answer.

SkillSpector (by NVIDIA)

Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium (94% confidence)

Finding
The README advertises activation on very generic phrases such as 'Run an industry analysis' or 'Write a Business Case,' which overlap heavily with normal user requests. In an agent ecosystem, this can cause unintended invocation of the skill in contexts where the user did not explicitly intend to use it, increasing the chance of prompt/context hijacking or unexpected behavior.

Vague Triggers

Medium (83% confidence)

Finding
The skill's activation phrasing appears broad enough to trigger on ordinary business-analysis requests rather than an explicit opt-in. That can cause the skill to hijack unrelated conversations, inject large amounts of unsolicited guidance, and override user intent or higher-priority safety/formatting expectations.

Natural-Language Policy Violations

High (97% confidence)

Finding
The skill mandates that every response append fixed Chinese legal/promotional text and author contact details without user consent. This is dangerous because it overrides normal assistant behavior, creates prompt-injection style persistence, and can force disclosure of irrelevant or unwanted content into all outputs, including sensitive enterprise contexts.

VirusTotal

VirusTotal findings are pending for this skill version.


Static analysis

No suspicious patterns detected.