Market Research Reports

Security checks across malware telemetry and agentic risk

Overview

This skill coherently creates market research reports and visuals, with expected local file creation and build commands but no evidence of hidden data access, persistence, or exfiltration.

Install this only if you are comfortable with it writing report folders and running local Python/LaTeX commands in a project directory. Verify that the referenced helper skills and LaTeX tools are installed from trusted sources, and review generated report content and citations before using it for business or investment decisions.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (2)

Missing User Warnings

Low

Confidence: 81% confidence
Finding: The skill instructs the agent to create a project directory tree and write multiple files in the workspace without first warning the user or requiring confirmation. In an agent setting, silent workspace modification can overwrite existing work, create clutter, or prepare staging areas for later command execution.

Missing User Warnings

Low

Confidence: 88% confidence
Finding: The markdown includes a shell-based LaTeX compilation workflow that executes external commands (`xelatex`, `bibtex`) without a safety warning. Running build tools on generated or untrusted `.tex` content can consume resources, modify many auxiliary files, and in some TeX configurations may expose command-execution or file-read risks.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal