Liberating Structures

Security checks across malware telemetry and agentic risk

Overview

This is a knowledge-only facilitation skill, with one privacy-related guidance gap around recording participants but no agent-side access, persistence, or hidden behavior.

Before using this skill in live workshops, treat any advice to record participants as requiring explicit opt-in consent, a clear purpose, limited access, secure storage, and a deletion plan. The skill otherwise appears safe to install as a reference-only facilitation aid.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The guidance explicitly suggests recording participants with cameras and video recorders but provides no instruction to obtain informed consent, explain purpose, or address storage and sharing of recordings. In a facilitation context, participants may disclose sensitive feelings, attitudes, or therapeutic/emotional content, making unconsented recording a meaningful privacy and trust risk.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal