Pre-Mortem Analyst

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only pre-mortem planning template with no executable behavior, credential use, or hidden data access.

Review the included examples before installing, especially if you want a fully generic planning skill, because they contain named business scenarios. The skill appears safe as a documentation-only analysis aid, with no evidence of code execution, data exfiltration, credential handling, persistence, or destructive actions.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 94% confidence
Finding: The skill advertises very broad trigger phrases such as "risk analysis," "what could go wrong," and "before we launch," which can match many ordinary planning conversations and cause unintended invocation. While the content itself is not overtly harmful, overly vague activation conditions can lead to context hijacking, user confusion, or inappropriate routing away from a more suitable skill.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal