personality-analysis-yang

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only personality-analysis skill with no code or system access, but users should be careful about sharing private third-party messages.

Install only if you want an agent to give tentative personality-style readings from text. Do not paste private, identifying, or third-party conversations unless you have the right to share them, and do not use the output for clinical, hiring, legal, financial, or other consequential decisions.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Missing User Warnings

Medium

Confidence: 90% confidence
Finding: The skill explicitly encourages personality and behavioral inference from private messages and chat logs, which can enable sensitive profiling of third parties without their knowledge or consent. Although it includes caveats about uncertainty and avoiding clinical diagnosis, it does not warn about privacy, consent, or the risks of analyzing private communications, making misuse more likely.

Vague Triggers

Medium

Confidence: 85% confidence
Finding: The trigger conditions are broad enough to activate on many general requests about tone, communication patterns, or emotional tendencies, increasing the chance the skill is used in contexts where personality profiling is inappropriate or overly invasive. Overbroad activation can cause the system to steer normal text-analysis tasks into speculative human profiling, especially for third-party content.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal