Security audit

Decision Mental Models

Security checks across malware telemetry and agentic risk

Overview

This is a text-only decision-framing skill with no code or data access; its main risk is that it can steer sensitive decisions into a structured mental-model format.

Reasonable to install as a thinking aid. Use it for structured reflection, but keep normal legal, medical, financial, and ethical judgment in place, especially for consequential or sensitive decisions. Do not treat its mental-model output as professional advice or as a reason to ignore harm, fairness, or compliance concerns.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
87% confidence
Finding
The trigger guidance includes very broad phrases like 'help me decide' and 'what would you do,' which can cause the skill to activate in many ordinary conversations outside its intended scope. Overbroad invocation is risky because it may insert structured persuasive reasoning into sensitive contexts, including domains later noted as requiring professional advice, increasing the chance of unsafe or inappropriate use.

Natural-Language Policy Violations

High
96% confidence
Finding
Telling the agent not to moralize and to apply models to potentially questionable legal actions without commentary weakens an important safety boundary. This is dangerous because it can help users optimize harmful, deceptive, or unlawful conduct by reframing assistance as neutral reasoning rather than advice, reducing the likelihood of the model interrupting unsafe intent.

Ssd 1

Medium
97% confidence
Finding
The instruction creates a semantic bypass: the skill can present actionable judgment support for questionable legal actions while explicitly suppressing ethical or safety scrutiny. In the context of a decision-support skill, this is especially concerning because the whole purpose is to improve decision quality, so the models could directly strengthen planning for harmful acts even if framed as abstract thinking tools.

VirusTotal

64/64 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.