Workday Reminder

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed workday QQ reminder/countdown skill that uses recurring schedules as expected and shows no hidden data theft or destructive behavior.

Install this only if you want recurring weekday QQ reminders. When creating or changing a reminder, check the scheduled time and recipient, and cancel the cron job when you no longer want the messages.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 86% confidence
Finding: The trigger description is broad enough that ordinary conversation about leaving work or asking about off-work time could activate the skill unexpectedly. Unnecessarily invoking reminder or scheduling flows can cause unintended tool use, noisy automation, or accidental creation/modification of recurring jobs for the wrong user intent.

Vague Triggers

Medium

Confidence: 91% confidence
Finding: The instruction says that any request involving off-work time must invoke the cron tool, which is an overly aggressive catch-all that can force tool execution even for harmless conversational queries. This increases the risk of unintended scheduled actions, tool abuse, and confusing user experiences where a simple question results in persistent state changes.

VirusTotal

53/53 vendors flagged this skill as clean.

View on VirusTotal