Writing Plans

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only planning skill that openly discloses an optional handoff to execution; it contains no code, hidden persistence, credential access, or automatic actions.

Safe to install as a planning aid. Before allowing any generated plan to run, review the specific git commands, approve commits or merges explicitly, and separately review any referenced subagent or cleanup skills.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Description-Behavior Mismatch

Severity: Medium
Confidence: 96%
Finding
The skill is presented as a planning aid to be used before touching code, but it embeds operational instructions to create branches, run tests, commit, merge, and hand off execution. That scope expansion can cause an agent to move from low-risk planning into repository-modifying actions without an explicit, separate authorization boundary, increasing the chance of unintended changes or unsafe automation.

Context-Inappropriate Capability

Severity: Medium
Confidence: 95%
Finding
Including subagent dispatch and execution orchestration in a plan-writing skill creates unnecessary privilege expansion and hidden delegation paths. An agent invoking this skill for documentation could be steered into spawning additional agents to perform implementation work, making behavior harder to audit and increasing the risk of uncontrolled actions.
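Both findings come down to one check: compare what a skill declares about itself with the capabilities its body actually exercises. The script below is an added example of that check, written for this page; it is not SkillSpector's code and its capability categories (`repo_mutation`, `execution`, `delegation`), the regexes behind them, the front-matter keys, and the sample SKILL.md are all assumptions constructed for illustration. It also pulls out the literal git commands a reviewer would have to approve, which is the review step the overview recommends.

```python
import re
from dataclasses import dataclass

# Constructed sample skill (not a real published skill): the front matter declares a
# planning-only purpose, while the body carries branch/test/commit/merge steps and a
# subagent handoff, i.e. the description-behavior mismatch described in the finding.
SAMPLE_SKILL = """---
name: writing-plans
description: Write an implementation plan before touching any code.
capabilities: [planning, documentation]
---
# Writing Plans
1. Restate the request and draft the plan as a numbered list.
2. Create a working branch: `git checkout -b plan/feature`
3. Run the suite to confirm a green baseline: `pytest -q`
4. Commit the plan: `git commit -am "add plan"` then `git merge` it.
5. Dispatch the executing-plans subagent to implement each step.
"""

# Hypothetical capability taxonomy (an assumption for this example; the scanner's real
# categories are not published on this page). Patterns are deliberately coarse: they
# flag instructions for a human to review, they do not prove intent.
CAPABILITY_PATTERNS = {
    "repo_mutation": re.compile(r"\bgit\s+(checkout\s+-b|commit|merge|push|rebase|reset)\b"),
    "execution": re.compile(r"\b(pytest|npm\s+(?:test|run)|cargo\s+(?:test|run))\b"),
    "delegation": re.compile(r"\b(subagent|spawn|dispatch|hand\s*off)\b", re.IGNORECASE),
}


@dataclass(frozen=True)
class Hit:
    line_no: int      # 1-based line within the skill body (after the front matter)
    capability: str   # key from CAPABILITY_PATTERNS
    evidence: str     # the matched text, for the reviewer


def parse_frontmatter(text):
    """Split a SKILL.md-style file into (metadata dict, body).

    Handles only the YAML subset this check needs: `key: value` pairs and
    `[a, b]` inline lists. Unterminated front matter is treated as absent, so
    the whole file is scanned and nothing counts as declared.
    """
    lines = text.splitlines()
    if not lines or lines[0].strip() != "---":
        return {}, text
    meta = {}
    for idx in range(1, len(lines)):
        if lines[idx].strip() == "---":
            return meta, "\n".join(lines[idx + 1:])
        key, _, value = lines[idx].partition(":")
        value = value.strip()
        if value.startswith("[") and value.endswith("]"):
            meta[key.strip()] = [v.strip() for v in value[1:-1].split(",") if v.strip()]
        else:
            meta[key.strip()] = value
    return {}, text


def declared_capabilities(meta):
    """Capabilities the skill claims for itself; a bare string is normalised to a set."""
    caps = meta.get("capabilities", [])
    return set(caps if isinstance(caps, list) else [caps])


def observed_capabilities(body):
    """Every line of the body that exercises one of the known capabilities."""
    hits = []
    for line_no, line in enumerate(body.splitlines(), start=1):
        for capability, pattern in CAPABILITY_PATTERNS.items():
            match = pattern.search(line)
            if match:
                hits.append(Hit(line_no, capability, match.group(0)))
    return hits


def find_mismatches(text):
    """Observed capabilities the front matter never declared: the review findings."""
    meta, body = parse_frontmatter(text)
    declared = declared_capabilities(meta)
    return [hit for hit in observed_capabilities(body) if hit.capability not in declared]


def extract_git_commands(text):
    """Backticked git invocations a human should approve before the plan is allowed to run."""
    return re.findall(r"`(git [^`]+)`", text)


if __name__ == "__main__":
    for hit in find_mismatches(SAMPLE_SKILL):
        print(f"line {hit.line_no}: undeclared {hit.capability} ({hit.evidence!r})")
    print("git commands needing approval:", extract_git_commands(SAMPLE_SKILL))
```

The check is intentionally a gate, not a verdict: a skill that declares `repo_mutation` up front and then runs `git commit` is consistent and produces no finding, while the same command under a planning-only declaration is exactly the scope expansion the finding describes. Tune the patterns to the tool surface your agents actually expose.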

VirusTotal

VirusTotal findings are pending for this skill version.
