Autoresearch Loop

Security checks across malware telemetry and agentic risk

Overview

This is a simple research-organization prompt with bounded iteration and no code, credential access, persistence, or hidden system behavior.

Safe to install as a research workflow prompt. Use clear scope, budget, and stopping criteria for broad research requests, especially because ordinary phrases like "deep dive" may trigger a longer iterative process.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence: 93%
Finding
The trigger list includes broad, natural phrases such as "deep dive" and "research this thoroughly," which are common in ordinary user requests and could invoke the skill unintentionally. Because this skill enables autonomous iterative behavior, accidental activation could cause the agent to perform more extensive actions than the user intended, increasing cost, scope, and the chance of unsafe downstream behavior.

VirusTotal

66/66 vendors flagged this skill as clean.