Middle-Management-Agentic-Integration-For-All-Industries

Security checks across malware telemetry and agentic risk

Overview

This management skill is not malicious, but it asks agents to handle sensitive organizational telemetry, persistent memory, and some autonomous execution without enough hard boundaries.

Install only after treating this as a governance framework that requires local policy controls. Before connecting it to real tools or data, define which decisions can be automated, which always require human approval, what employee or organizational metrics may be collected, where checkpoints and reports are stored, who can access them, and how they are deleted.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Vague Triggers

Medium
Confidence
85% confidence
Finding
The invocation guidance is very broad and encourages use in high-stakes governance, organizational design, and autonomous workflow deployment without clear exclusion criteria or safety preconditions. That can cause the skill to be applied in inappropriate contexts, leading downstream agents or operators to rely on it for decisions that require narrower scope, explicit approvals, or domain-specific controls.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The persistent ownership protocol instructs agents to checkpoint project state and query persistent storage for historical context, but it does not require user notice, consent, retention limits, or access-control safeguards. In practice this can normalize silent retention and retrieval of sensitive organizational, personnel, or strategic data across sessions, increasing privacy and data-governance risk.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The document instructs the agent to query persistent storage and load historical context, but it does not define any access-control, data-minimization, retention, or consent boundaries for what may be retrieved. In a management and organizational context, that stored context could include sensitive employee, project, or operational information, creating a real risk of over-collection, unauthorized exposure, or cross-session leakage.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The script explicitly reads telemetry from disk and writes a detailed health report back to disk, and the documented metrics include sensitive organizational and employee-adjacent signals such as psychological safety, burnout, attrition, and collaboration indicators. Omitting a warning about local file persistence and sensitive content handling increases the risk that operators will process regulated or confidential data without appropriate safeguards, retention controls, or secure storage practices.

Autonomous Decision Making

Medium
Category
Excessive Agency
Content
| :--- | :--- | :--- |
| `score` | number (0.0 - 1.0) | The agent's confidence in its decision |
| `factors` | array of strings | Factors contributing to the confidence level |
| `routing_action` | enum | One of: "auto-executed", "human-reviewed", "escalated" |

## Outcome Object
Confidence
90% confidence
Finding
auto-execute

Autonomous Decision Making

Medium
Category
Excessive Agency
Content
"properties": {
        "score": { "type": "number", "minimum": 0.0, "maximum": 1.0 },
        "factors": { "type": "array", "items": { "type": "string" } },
        "routing_action": { "type": "string", "enum": ["auto-executed", "human-reviewed", "escalated"] }
      }
    },
    "limitations": { "type": "array", "items": { "type": "string" } },
Confidence
90% confidence
Finding
auto-execute

VirusTotal

65/65 vendors flagged this skill as clean.
