Security audit

Empathic Trinity Core

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed workspace memory-configuration helper, but users should review the private memory files it may read or rewrite.

Install this only in workspaces where you want the agent to reorganize long-term memory behavior. Review or back up AGENTS.md, SOUL.md, USER.md, MEMORY.md, and memory/ first, and be deliberate about whether emotional or relationship cues should be stored long term.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill explicitly instructs the agent to read, inspect, and rewrite workspace memory files such as AGENTS.md, USER.md, SOUL.md, MEMORY.md, and daily logs, which are likely to contain sensitive personal, behavioral, or relational data. It does not require user notice, confirmation, minimization, or consent before accessing and modifying that data, so a user may unknowingly expose or alter private information during installation or migration.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal