Powershell Sandbox

Security checks across malware telemetry and agentic risk

Overview

The skill is not shown stealing data or damaging systems, but its sandbox safety claims appear stronger than its documented test coverage supports.

Install only if you will treat it as experimental or review-only. Do not rely on it to safely run untrusted scripts in production until file isolation, output/resource limits, and host/.NET capability restrictions are tested, documented, and independently reviewed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Intent-Code Divergence

Medium
Confidence: 94%
Finding
The document makes strong security assurances such as 'safe for untrusted scripts' and 'ready for production use' while the same file lists untested areas including file path isolation, output limits, and .NET type restrictions. This can mislead operators into deploying the sandbox in higher-risk contexts before critical containment properties are validated, increasing the chance of sandbox escape, data exposure, or denial of service.

VirusTotal

65/65 vendors flagged this skill as clean.
