Security audit

Herzberg Two-Factor Theory

Security checks across malware telemetry and agentic risk

Overview

This is a markdown-only management coaching skill with no executable behavior, credential use, network access, or hidden data handling.

Install if you want an agent to use Herzberg’s framework for motivation and retention diagnostics. Treat its recommendations as one management lens, especially when issues may involve pay inequity, unsafe conditions, burnout, harassment, or skill gaps.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 87% confidence
Finding: The trigger phrases are broad enough to match common workplace discussions such as motivation, engagement, and retention, which increases the chance this skill activates when the user did not actually want a Herzberg-based diagnostic. Misactivation can steer advice prematurely into a single management framework and crowd out more appropriate analyses such as compensation inequity, burnout, harassment, or capability gaps.

Natural-Language Policy Violations

Low

Confidence: 76% confidence
Finding: The skill mandates a fixed interaction style with hard-stop '[WAIT]' behavior and one-step-at-a-time responses without confirming that the user wants this mode. This can reduce user autonomy and degrade service quality by forcing a constrained conversational pattern even when the user asked for a direct answer or broader analysis.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.