Performance Review

Security checks across malware telemetry and agentic risk

Overview

This is a local performance-review template generator with no evidence of network access, credential use, automatic execution, or destructive behavior.

Reasonable to install if you want local performance-review drafting templates. Avoid entering confidential HR details unless you are comfortable with them appearing in shell history or local files, and be aware the bundled generic helper script can log local arguments if invoked.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence: 82%
Finding
The trigger text is broad and repetitive, covering generic 'performance review' use cases in multiple languages without clear boundaries for when the skill should activate. This can cause unintended invocation over other skills or user intents, leading to incorrect tool selection and accidental processing of sensitive HR-related content, though it does not itself introduce code execution or data exfiltration.

VirusTotal

66/66 vendors flagged this skill as clean.
