Security audit

Think-Plan

Security checks across malware telemetry and agentic risk

Overview

This is a planning skill with disclosed workspace plan-saving and optional execution coordination, but no evidence of hidden exfiltration, destructive behavior, or credential access.

Install this if you want a structured, Chinese-language planning workflow. Be aware that it can save selected plans and background details into workspace/plans and can coordinate subagents after execution confirmation, so avoid using it with sensitive personal or business details unless that workspace retention is acceptable.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Vague Triggers

Severity: Medium
Confidence: 86%

The trigger conditions are broad enough to match many ordinary planning or analysis requests, which can cause the skill to activate unexpectedly and override the assistant's normal behavior. In context, this skill imposes rigid workflow and behavioral constraints, so accidental invocation could lead to user friction, inappropriate questioning, unnecessary file writes, or spawning subagents when the user did not intend to use this skill.

Natural-Language Policy Violations

Severity: Medium
Confidence: 80%

Forcing Chinese without regard to the user's language can create misunderstanding of constraints, outputs, or follow-up confirmations, especially because the skill requires iterative clarification and explicit user choices. In this context, language mismatch is not directly a security exploit, but it can degrade informed consent and increase the chance of incorrect actions being taken based on misunderstood prompts or saved plans.

Vague Triggers

Severity: Medium
Confidence: 90%

The low-complexity trigger examples use very generic phrases such as common everyday requests, which can cause the skill to activate outside its intended planning scope. In an agent system, over-broad routing can misdirect ordinary user requests into a deep-planning workflow, increasing the chance of inappropriate delegation, unnecessary data handling, or confusing outputs.

Vague Triggers

Severity: Medium
Confidence: 92%

The medium-complexity keyword list contains ambiguous phrases like 'analyze', 'research', 'compare', and 'design', which are too generic to safely distinguish when this skill should be used. Because this skill is for deep thinking and planning, ambiguous activation can expand the skill's authority into ordinary conversations and lead to overreach in task decomposition or agent orchestration.

Vague Triggers

Severity: Medium
Confidence: 90%

The high-complexity examples are still broad enough to match ordinary phrasing such as building a system or starting a project, without validating actual scope, duration, or dependency complexity. This can cause the skill to classify requests as requiring layered multi-agent planning when they may be simple, creating unsafe or wasteful automation behavior.

Missing User Warnings

Severity: Low
Confidence: 89%

The workflow explicitly instructs the agent to persist a full plan document plus requirement/background content to `workspace/plans/...` after confirmation, but it does not require data minimization, consent specific to storage, or screening for sensitive information. In a planning skill, users may disclose personal, business, or confidential context during exploration, so silent archival increases the risk of unnecessary retention and later exposure.

VirusTotal

65/65 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.