c-level-advisor

Security checks across malware telemetry and agentic risk

Overview

This is a coherent executive-advisory skill suite, but it stores sensitive company context and decision records locally, so users should treat its outputs as confidential business records.

Install only if you are comfortable keeping company strategy, financials, personnel details, board discussions, and decision history in local files. Before sharing generated decks, CSVs, or reports, review and redact sensitive names, numbers, security details, and employee data. Prefer explicit role invocation to avoid broad routing, and periodically review or delete local memory files you no longer need.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access

Findings (28)

Description-Behavior Mismatch

High (94% confidence)
Finding
The file’s declared identity and behavior are narrowly scoped to a standalone CPO advisor, while the enclosing skill metadata describes a broader multi-role c-level advisor. This mismatch can cause incorrect routing, trust boundary confusion, and policy bypass in systems that rely on manifest/skill descriptions for capability selection, review, or authorization.

Description-Behavior Mismatch

High (98% confidence)
Finding
The file declares itself as the skill "ma-playbook" with M&A-specific behavior, while the provided skill metadata says the skill is "c-level-advisor." This identity/content mismatch is a real integrity issue because agents, reviewers, or users may rely on manifest-level expectations and unintentionally load or route a different capability than intended, undermining trust, policy scoping, and review accuracy.

Missing User Warnings

Medium (93% confidence)
Finding
The file explicitly describes a 'Two-layer memory' that stores raw transcripts and approved decisions, but it does not mention user consent, retention limits, redaction, or handling of sensitive business information. In a skill aimed at founders and executives discussing strategy, fundraising, personnel, and risk, transcript retention can expose highly confidential data and create privacy, compliance, and insider-information risks if accessed or reused improperly.

Missing User Warnings

Medium (95% confidence)
Finding
The setup flow instructs users to store company name, stage, revenue, runway, priorities, and risks in a local file, but it provides no warning about confidentiality, retention, or downstream access by other agents. Because the file is explicitly shared across the ecosystem, sensitive business information may be exposed more broadly than users expect.

Missing User Warnings

Medium (90% confidence)
Finding
The template explicitly encourages sharing a board deck but does not warn that the deck aggregates highly sensitive financials, customer pipeline, named personnel, security posture, compliance status, and strategic plans. In practice, users may export or circulate the deck broadly without applying access controls, redaction, or audience scoping, increasing the likelihood of confidential business or security information leakage.

Missing User Warnings

Medium (95% confidence)
Finding
The skill persists full board-meeting transcripts and approved decisions to memory files, but the user-facing description does not clearly warn that sensitive strategic discussions may be stored. In this context, meetings can contain confidential business plans, hiring issues, financial projections, security concerns, and legal-risk discussions, so silent retention increases privacy and data-exposure risk if memory is later accessed, reused, or leaked.

Vague Triggers

Medium (89% confidence)
Finding
The skill description contains very broad activation phrases such as general references to strategy, fundraising, board meetings, and executive leadership. In agent-routing systems, this can cause the skill to be invoked for ordinary business conversations that do not specifically require CEO-level behavior, increasing the chance of unintended context access, overreach, or policy bypass through misrouting.

Vague Triggers

Medium (89% confidence)
Finding
The skill description contains broad trigger phrases such as reorg, pivot, leadership, and change rollout that are common in ordinary business conversations. This can cause the skill to activate when a user did not explicitly request change-management guidance, leading to unintended routing, over-collection of context, or inappropriate advice being injected into unrelated executive discussions.

Missing User Warnings

Medium (96% confidence)
Finding
The skill instructs the agent to write decision records to a persistent local path (`~/.claude/decision-log.md`) without any explicit user consent, warning, or scoping controls. In an agent environment, silent writes to user storage can create privacy, integrity, and persistence risks by storing sensitive business decisions, questions, or metadata in a file the user did not knowingly authorize.

Vague Triggers

Medium (91% confidence)
Finding
The complementary skill triggers include very broad natural-language phrases such as "change," "competitor," and "how do we run," which can match many ordinary business prompts and cause unintended routing to the wrong skill. In an agentic system, ambiguous dispatch can expose irrelevant capabilities, bypass expected role-specific handling, and create prompt-routing confusion that an attacker or even a normal user could exploit to steer the workflow away from the intended advisor.

Vague Triggers

Medium (93% confidence)
Finding
The skill's invocation description matches on very broad HR-related terms such as 'HR', 'talent', 'compensation', and 'performance management', which are common across many business conversations. This can cause the CHRO advisor to be selected in contexts where it is not the best fit, increasing the chance of inappropriate routing, overcollection of sensitive employee context, or role confusion in multi-skill systems.

Missing User Warnings

Medium (95% confidence)
Finding
The CSV export includes highly sensitive HR data such as names, salaries, equity values, performance indicators, gender, and ethnicity, and outputs it directly with no consent check, redaction, warning, or access control. In an agent skill context, this increases the chance that a user or downstream system exports regulated employee data unintentionally, creating privacy, confidentiality, and compliance risk.

Vague Triggers

Medium (90% confidence)
Finding
The skill description uses a long, broad set of common marketing and executive terms as invocation cues, which can cause the agent to trigger this skill in loosely related contexts without strong constraints. That increases the chance of inappropriate routing, context bleed, or over-application of this skill's instructions, especially because it also contains mandatory behavior such as always reading company-context.md and role invocation syntax.

Vague Triggers

Medium (90% confidence)
Finding
The description includes broad, common business terms like operations, process improvement, scaling, and execution without strong gating conditions. In agent-routing systems, this can cause the skill to activate in many ordinary conversations, increasing the chance of inappropriate context capture, conflicting guidance, or unintended instruction precedence.

Vague Triggers

Medium (95% confidence)
Finding
The keyword list contains many generic terms such as operations, execution, scaling, and efficiency that are likely to appear in unrelated requests. This broadens matching beyond the intended skill boundary, making accidental invocation more likely and increasing the risk of irrelevant or misleading operational advice being injected into other workflows.

Vague Triggers

Medium (77% confidence)
Finding
The description contains very broad trigger language such as using the skill whenever users mention common product topics, which can cause accidental activation in ordinary business conversations. Over-broad matching increases the chance the wrong skill handles a request, potentially leaking context, producing irrelevant advice, or bypassing more appropriate safeguards tied to narrower routing.

Vague Triggers

Medium (87% confidence)
Finding
The skill description includes a very broad set of common revenue and sales terms that can cause the agent to invoke this skill in loosely related contexts without strong gating. Over-broad activation can route users into specialized strategic guidance unexpectedly, increasing the chance of irrelevant advice, context confusion, and accidental exposure of sensitive business context to the wrong skill workflow.

Missing User Warnings

Medium (94% confidence)
Finding
The skill explicitly instructs the agent to persist a detailed company profile under ~/.claude/company-context.md and says every advisor will use it, but it does not require informed user consent, sensitivity labeling, retention limits, or any warning that the file may contain confidential business, personnel, revenue, runway, and strategic information. This creates a real privacy and security risk because sensitive founder/company data is centralized in a reusable location that could be accessed by other skills, future sessions, or local compromise without the user fully understanding the storage implications.

Missing User Warnings

Medium (95% confidence)
Finding
The guide instructs the interviewer to tell founders that 'Nothing leaves this conversation,' but later directs the agent to take notes and generate a context file. That is a misleading confidentiality assurance that can cause a founder to disclose sensitive business or personal information under false assumptions about how their data will be stored, processed, or shared.

Vague Triggers

Medium (86% confidence)
Finding
The description is broad enough that routine engineering or architecture questions could invoke this skill outside a narrowly intended CTO-advisory context. Over-broad routing can cause mis-scoping, inappropriate authority signaling, and unintended access to adjacent workflow behaviors, especially in a multi-skill environment where invocation determines what instructions and resources are brought into context.

Vague Triggers

Medium (90% confidence)
Finding
The keyword list includes generic terms like architecture, system design, incident response, and engineering culture that commonly appear in ordinary developer conversations. In systems that auto-select skills based on keyword overlap, this can lead to frequent unintended invocation, exposing users to the wrong instruction set and increasing the chance of prompt-routing errors or cross-skill interference.

Missing User Warnings

Medium (92% confidence)
Finding
The tool reads potentially sensitive board decisions from a local file and prints summaries, searches, and full decision details directly to stdout without any confidentiality warning, redaction, or access control. In agent or shared-terminal environments, this can expose strategic plans, hiring decisions, pricing changes, and rejected proposals to logs, calling systems, or unintended viewers.

Vague Triggers

Medium (86% confidence)
Finding
The proactive triggers are broadly defined and action-oriented, causing the skill to initiate challenging interventions based on vague conditions such as inferred avoidance, team agreement, or incomplete preparation. In an autonomous or semi-autonomous agent environment, this can lead to unintended activation, overreach into sensitive business decisions, and noisy or disruptive behavior without clear user consent.

Missing User Warnings

Medium (86% confidence)
Finding
The playbook repeatedly advises withholding information from employees during acute crises until leadership has a plan, but it does not warn that some situations may require immediate notice to affected staff for safety, legal, operational, or evidence-preservation reasons. In an executive-advice skill, that omission can normalize over-delayed disclosure and lead users to mishandle incidents where employees need prompt, factual guidance.

Missing User Warnings

Medium (95% confidence)
Finding
The PR-disaster section references data breaches and says to involve counsel and notify affected customers first, but it omits explicit breach-notification, privacy, and jurisdiction-specific legal obligations. In practice, users could treat the incident primarily as a reputational problem and miss mandatory reporting timelines to regulators, individuals, partners, or law enforcement, increasing legal and financial exposure.

VirusTotal

65/65 vendors flagged this skill as clean.
