Back to skill

Security audit

Due Diligence Analyst

Security checks across malware telemetry and agentic risk

Overview

The skill shows no hidden malware-like behavior, but it overstates high-stakes due-diligence and background-check capabilities that are mostly unimplemented and under-scoped.

Review carefully before installing. Treat this as an early-stage LLM drafting assistant, not a real due-diligence system. Do not rely on its reports for investment, legal, hiring, credit, or partnership decisions without independent verification, qualified human review, and proper authorization for any personal-background or credit-related checks.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Description-Behavior Mismatch

Medium
Confidence
96% confidence
Finding
The skill advertises comprehensive due diligence for investment decisions, but the shown implementation mainly routes requests to basic company analysis, generic LLM responses, or placeholder 'under development' messages. In a due-diligence context, this capability mismatch can materially mislead users into relying on incomplete analysis for financial or legal decisions, creating a security-relevant integrity and trust problem.

Intent-Code Divergence

Low
Confidence
91% confidence
Finding
The system prompt tells the model that 'complete due diligence' is an available function, while the code path for full due diligence explicitly says it is still under development. This inconsistency can cause the assistant to overstate capabilities, fabricate outputs, or induce users to trust nonexistent analysis features.

Vague Triggers

Medium
Confidence
82% confidence
Finding
The README advertises very broad natural-language trigger phrases such as generic company analysis requests without any explicit scoping, consent, or activation constraints. In a chat-integrated skill, this can cause unintended invocation on ordinary user messages, increasing the chance of accidental processing of sensitive corporate or personal data.

Missing User Warnings

High
Confidence
95% confidence
Finding
The feature list includes founder/executive background verification and credit record checks, but the README provides no prominent warning about privacy, legality, consent, or jurisdictional restrictions. Because these activities involve highly sensitive personal data, omission of safeguards can lead to unlawful collection, misuse of personal information, and serious compliance exposure.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The README promotes automated report generation but does not clearly warn that reports may contain sensitive allegations, incomplete findings, or model errors and should not be relied on without human verification. In a due-diligence context, unverified reports can directly influence investment, legal, hiring, or partnership decisions, amplifying harm from false positives or mishandled sensitive content.

Vague Triggers

Medium
Confidence
83% confidence
Finding
The consultation triggers are broad enough to match ordinary questions like 'What is due diligence?' or general finance/legal inquiries, which can cause the skill to activate unexpectedly outside a clearly scoped user request. In an agent environment, overly broad routing increases the risk of prompt hijacking, unintended tool invocation, or the model handling sensitive business/legal topics when the user did not explicitly opt into this skill.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.