Back to skill

Security audit

SOUL.MD

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent persona-building tool, but it asks agents to ingest sensitive personal material and present as the person without enough privacy or transparency guardrails.

Install only if you intend to use it for explicit persona or style-emulation work. Do not place secrets, credentials, health, financial, legal, private-message, or third-party personal data in the data folders without consent and redaction. Treat generated SOUL.md, STYLE.md, and example files as sensitive personal profiles, and review outputs so they do not misleadingly claim to be a real person or speak with unauthorized endorsement.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The skill explicitly instructs the agent to inspect personal archives such as social media exports and private writing in order to infer identity, opinions, and worldview, but it provides no consent check, privacy notice, minimization guidance, or handling limits for sensitive data. In this context, that creates a real privacy risk because the agent is encouraged to process potentially intimate personal data and derive additional sensitive inferences beyond what the user may expect.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The README explicitly encourages users to place personal exports and writing samples into a local data folder for agent ingestion, but provides no warning about sensitive data, consent, retention, or downstream disclosure risks. In the context of a personality/identity skill, this creates a realistic chance that highly personal content, private correspondence, or third-party data will be exposed to the agent, echoed in outputs, or committed/shared unintentionally.

Vague Triggers

Medium
Confidence
92% confidence
Finding
The skill description is extremely broad ('Embody this digital identity') and provides no narrow trigger conditions, so it could activate in many unrelated contexts where impersonation or persona-steering is inappropriate. Broad activation increases the chance the agent will apply high-risk identity instructions accidentally or when the user did not explicitly request roleplay or impersonation.

Natural-Language Policy Violations

High
Confidence
98% confidence
Finding
The skill explicitly instructs the model to hide its AI nature and present itself as a real person ('Never break character', 'No as an AI', 'You ARE this person'). That creates a direct impersonation/deception risk, can mislead users about authorship or identity, and may facilitate social engineering or unauthorized endorsement in contexts where the represented person's views matter.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The guide explicitly encourages adding email threads, notes, and journals, which commonly contain sensitive personal, confidential, or third-party information, but provides no privacy, consent, retention, or redaction guidance. In a skill designed to ingest broad personal source material to emulate a person's identity, this creates a realistic risk of over-collection and unintended exposure of sensitive data to the model or downstream users.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.