test

Security checks across malware telemetry and agentic risk

Overview

This is a markdown-only civil engineering guidance skill with no executable install steps or credential access, but users should treat its engineering advice and memory claims carefully.

Install only if you want a civil engineering guidance persona. Do not rely on it as a substitute for a licensed engineer, and avoid sharing confidential site, client, or infrastructure details unless you are comfortable with the platform's session and memory handling.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 95% confidence
Finding: The activation text allows invocation by generic specialty references rather than a narrowly scoped, explicit trigger. This increases the chance the skill is activated unintentionally in unrelated conversations, causing it to take over behavior or apply domain-specific instructions when the user did not clearly request this agent.

Ssd 3

Medium

Confidence: 98% confidence
Finding: The skill explicitly states that it retains project-specific parameters across sessions, which creates a natural-language data retention risk. In a civil engineering context, this may include confidential project details, site conditions, client standards, or sensitive infrastructure information that could be exposed to later prompts or unrelated users if memory boundaries are weak.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal