Chain Reason

Security checks across malware telemetry and agentic risk

Overview

This instruction-only skill formats answers as structured reasoning summaries, but its activation triggers are broad and should be used carefully.

Install this only if you want the agent to add structured reasoning summaries to complex answers. Consider narrowing activation to explicit user requests or clearly complex tasks, and avoid using it where hidden deliberation, policy reasoning, or sensitive intermediate analysis could be exposed in user-visible output or logs.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

High

Confidence: 97% confidence
Finding: The activation criteria are extremely broad and include common words like 'how', 'why', and 'explain', which can cause this skill to trigger during ordinary conversation. In a skill system, over-broad activation expands the skill's influence beyond its intended scope and can alter model behavior unpredictably, especially since this skill instructs the agent to emit explicit reasoning traces.

Vague Triggers

Medium

Confidence: 91% confidence
Finding: The 'When to Use' guidance is subjective and lacks clear boundaries for when the skill must not be invoked, leaving activation to broad judgment calls. That ambiguity increases the chance of unnecessary invocation and unnecessary exposure of internal multi-step reasoning structure, which can conflict with safe response policies and create inconsistent behavior.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal