Daily Task Planner Skill

Security checks across malware telemetry and agentic risk

Overview

This is a lightweight daily planning template skill with no executable code, hidden data access, persistence, or credential handling.

This skill is reasonable to install as a simple productivity template. Treat it as planning guidance only, avoid pasting secrets or sensitive personal data into task notes, and note that it includes a disclosed PayPal donation link.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 85% confidence
Finding: The skill's 'When to use' section is broad enough to match many generic planning requests, which can cause unintended activation or over-selection relative to more specific skills. This is not a direct code-execution or data-exfiltration issue, but it can weaken routing precision and lead users into an overly generic workflow that is not the best fit for their request.

Vague Triggers

Medium

Confidence: 83% confidence
Finding: The example trigger phrase is phrased like normal everyday speech and is too vague to reliably distinguish this skill from other general productivity or writing helpers. If used for routing or invocation examples, it may increase accidental activation frequency and reduce predictability of skill selection.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal