Progress Report Generator

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent progress-report writing helper with disclosed memory-related behavior and no evidence of malware, exfiltration, or destructive actions.

Install this if you are comfortable using a writing assistant to process work notes and possibly compare them with prior report context. Avoid feeding it confidential client, HR, legal, or financial details unless your agent's memory and file settings are appropriate for that data.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 91% confidence
Finding: A trigger that activates on any user-sent list of activities is overly broad and can cause unintended invocation in unrelated contexts. This increases the chance of the skill processing sensitive work logs or personal notes without clear user intent, especially because the skill can also access memory and write outputs.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill is permitted to use memory_search and memory_get, and the content explicitly says user preferences may be saved in memory, but it does not clearly warn the user about persistence or ask for consent. In a reporting skill, stored preferences and prior reports may contain sensitive professional information, creating privacy and data retention risks if users do not realize their data is being remembered.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal