Global Compliance

Security checks across malware telemetry and agentic risk

Overview

This package is advertised as a global compliance skill, but it also contains separate video-generation instructions that ask agents to install and run external tooling.

Review before installing. Treat this as a mislabeled or mixed package: do not run the video-generation setup commands, clone the external video repository, or provide an OpenAI API key unless you deliberately want that separate workflow and have verified it yourself. The publisher should republish with only compliance-related files or split the video generator into a correctly labeled skill.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (9)

Description-Behavior Mismatch

Severity: High
Confidence: 98%
Finding
The file claims to be a `video-generator` skill while the provided skill metadata identifies it as `global-compliance`. This identity mismatch can cause the wrong skill to be invoked, installed, or trusted, creating a supply-chain style confusion risk where users or agents execute unrelated commands under a misleading label.

Description-Behavior Mismatch

Severity: High
Confidence: 99%
Finding
The file is packaged under metadata claiming a global compliance skill, but the actual content is a video-generation workflow with installation, cloning, API key setup, and execution instructions. This capability/identity mismatch is dangerous because it can cause an agent or reviewer to trust and invoke a materially different tool than advertised, enabling deceptive execution paths and unauthorized external API usage.

Vague Triggers

Severity: Medium
Confidence: 94%
Finding
The auto-trigger rules are broad enough to match many ordinary conversations about videos, scripts, or media, causing the agent to invoke this skill without strong user intent confirmation. In this skill's context, that can lead to unnecessary command execution, repository use, API calls, and data being sent to external services when the user may have only been asking for advice or discussion.

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding
The skill emphasizes automated generation features but does not clearly warn at the point of use that user-provided script/audio content will be transmitted to external OpenAI services and may incur usage-based charges. That creates a privacy and consent problem, especially if sensitive or regulated content is processed under the mistaken belief that rendering is purely local.

Vague Triggers

Severity: Medium
Confidence: 92%
Finding
The auto-trigger rules are overly broad, including generic phrases like making or generating a video and even text that merely resembles a script. In an agent setting, this can cause unintended invocation of shell commands, project execution, and API-consuming workflows from ordinary conversation without sufficiently specific user intent.

Vague Triggers

Severity: Medium
Confidence: 90%
Finding
The example trigger phrases are common conversational expressions and are marked as cases where the skill 'must' be used, which pressures an agent into routing too aggressively. That increases the chance of accidental tool use, unnecessary network/API activity, and creation of files from ambiguous or low-confidence requests.

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding
The skill instructs the agent to run commands that generate files locally and call external OpenAI APIs, but it does not require an explicit user-facing warning about cost, data transfer, or side effects before execution. This is risky because user-provided script content may be sent to third parties and persisted to disk without informed consent, especially in environments where inputs may contain sensitive information.

Vague Triggers

Severity: Medium
Confidence: 93%
Finding
The auto-trigger rules are broad enough to activate on many ordinary user messages containing common compliance or privacy terms, which can cause the agent to invoke this skill without clear user intent. In this context, unintended invocation matters because the skill is positioned to process sensitive documents and generate outputs, increasing the chance of unnecessary data exposure or inappropriate tool use.

Missing User Warnings

Severity: Medium
Confidence: 88%
Finding
The usage guide instructs the agent to collect company information and run commands that read input files and write reports or generated policies, but it does not require an upfront warning or confirmation about handling potentially sensitive business or personal data. That creates a real privacy and safety issue because users may provide confidential content without understanding that it may be stored in files, transformed into outputs, or processed by external tooling.

VirusTotal

64/64 vendors flagged this skill as clean.