Security audit

Autoreason Lite

Security checks across malware telemetry and agentic risk

Overview

This is a low-risk writing refinement skill that only defines a bounded review workflow and does not request sensitive access or install executable code.

Before installing, consider whether you want a refinement workflow to activate on broad requests like "improve this." Review outputs for factual accuracy and avoid sharing confidential drafts unless you are comfortable with the platform handling that content.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 87% confidence
Finding: The trigger guidance is broad enough to match common phrases like 'improve this' or 'make this better,' which are ubiquitous in normal conversations. That can cause unintended invocation of the skill in contexts where iterative rewriting is unnecessary, increasing the chance of scope drift, hidden prompt expansion, extra token/cost usage, or interference with a more appropriate skill.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal