Security audit

Leap Of Faith

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only decision coaching skill, but it needs review because it gives directive guidance for medical, mental-health, and financial decisions without strong upfront safety limits.

Review before installing. This skill does not appear to run code or collect data, but it can strongly influence sensitive personal decisions. Use it only as a reflection aid, not as a substitute for licensed medical, mental-health, financial, legal, or emergency advice, especially for medication changes, urgent symptoms, self-harm risk, major investments, or irreversible life decisions.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (4)

Vague Triggers

Medium

Confidence: 92% confidence
Finding: The metadata description says the skill activates on very broad phrases like major decisions, uncertainty, and whether to do something, which are common across many ordinary conversations. This can cause over-triggering and route users into a high-influence decision framework in contexts where it is not appropriate, increasing the chance of unsafe advice in sensitive domains.

Vague Triggers

Medium

Confidence: 94% confidence
Finding: The activation section enumerates many ambiguous, high-frequency triggers such as hesitation, growth dilemmas, and tension between intuition and rational analysis without scope limits. In practice, this broad matching expands the skill's reach into emotionally charged or safety-critical conversations where a philosophical decision tool may be mistaken for appropriate guidance.

Missing User Warnings

High

Confidence: 97% confidence
Finding: The skill advertises support for mental health and health/medical decisions but provides no upfront warning that it is not a substitute for licensed clinical or medical advice. In these domains, users may over-trust the framework and act on intuition-based guidance despite significant risk of harm from delayed care, inappropriate treatment choices, or worsening psychiatric conditions.

Missing User Warnings

High

Confidence: 98% confidence
Finding: The framework explicitly includes mental health, medication, trauma, and medical treatment decisions, then later instructs the model to deliver a clear judgment and action recommendation. Combining high-risk domains with decisive recommendations and tacit-intuition prompts is dangerous because it may displace evidence-based care and encourage confident but unqualified advice.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.