Back to skill

Security audit

Interview Driven Learn

Security checks across malware telemetry and agentic risk

Overview

This is a simple interview-prep skill that stores generated study material in local reference files, with no hidden code, network access, credential use, or destructive behavior found.

Install only if you are comfortable with the skill saving interview-prep outputs into local reference files. Avoid pasting secrets, proprietary project details, personal data, or confidential interview material unless you are willing for that content to be retained and later reviewed or deleted.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Medium
Confidence
87% confidence
Finding
The trigger phrases are broad enough to match common study or help requests, which can cause the skill to activate unexpectedly outside a clearly consented workflow. In this skill, unintended activation is more risky because activation also directs automatic updates to workspace reference files, creating side effects from ordinary conversation.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill description advertises automatic maintenance of reference documents but does not clearly warn the user that workspace files will be modified. This is dangerous because users may provide notes expecting transient analysis, while the agent persistently stores or appends that content, potentially causing privacy issues, unwanted persistence, or repository pollution.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The instruction to activate the skill and update both documents on trigger matches creates automatic file modification behavior without an explicit warning or confirmation step. In context, this increases danger because broad natural-language triggers can lead to silent writes based on ordinary study-related prompts, making accidental persistence likely.

Missing User Warnings

Low
Confidence
88% confidence
Finding
The file states that learning entries are appended automatically over time, which implies persistent retention of user-derived study content and timestamps without any notice, consent flow, retention policy, or deletion guidance. In a learning/interview-prep skill, users may submit sensitive notes, project details, or career information, so silent persistence creates a real privacy and data-governance risk even if it does not indicate overtly malicious behavior.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.