Ogp Project

Security checks across malware telemetry and agentic risk

Overview

This skill is a legitimate project-collaboration helper, but it can persist project details and automatically share work context with approved peer agents more broadly than users may expect.

Install only if you are comfortable with OGP storing project context and your agent contacting approved collaborators' agents about project work. Prefer summary or escalate response policies, avoid logging secrets or exact private paths, and review what peers and projects are approved before enabling proactive sharing.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (9)

Context-Inappropriate Capability

Medium
Confidence: 88%
Finding
The interview explicitly teaches the agent to use user-supplied locations for notes, repositories, files, and task trackers, including arbitrary local paths and third-party services. That broadens the skill from OGP state management into open-ended access of potentially sensitive resources, increasing the chance of overscoped reads, accidental disclosure, or misuse if the user input or project metadata is untrusted.

Vague Triggers

High
Confidence: 96%
Finding
The trigger section is intentionally broad and includes proactive activation plus common phrases like 'remember this' or 'make note of,' which can match ordinary conversation outside the user's intended project workflow. That creates a high risk of unintended skill execution, unexpected logging, and unsolicited peer queries or data access based on weak context signals.

Vague Triggers

High
Confidence: 93%
Finding
The 'When to Use' guidance reinforces proactive use whenever work seems project-related, without strong boundaries or confirmation gates. In context, that means the agent may initiate searches and peer communications based on inferred intent rather than explicit user direction, raising the likelihood of privacy-impacting false activations.

Vague Triggers

High
Confidence: 98%
Finding
The freeform logging section explicitly tells the agent to detect logging intent from any natural phrasing, which is an archetypal overbroad trigger. Because logging is persistent and tied to project context, misclassification can silently store sensitive conversational content or route it into collaboration flows the user did not intend.

Missing User Warnings

Medium
Confidence: 91%
Finding
The skill emphasizes reducing 'human-as-messenger' friction and proactively querying peers, but it does not give a prominent user-facing warning that project context may be transmitted to external collaborators' agents. Users may therefore enable or invoke the skill without understanding that metadata, questions, and summaries can leave the local environment.

Ssd 3

Medium
Confidence: 90%
Finding
The core design encourages agents to query each other proactively about project state, which can involve private notes, repository details, workspace paths, and collaborator context. Even if intended for collaboration, automatic cross-agent exchange increases the risk of unnecessary disclosure, especially when users may not realize how much context their agent can expose or infer.

Ssd 3

Medium
Confidence: 95%
Finding
The mandatory pre-task check instructs the agent to contact each approved peer with a message about what the user is about to work on before beginning. This can disclose planned work, priorities, and feature topics automatically, even when no collaboration is necessary for that task, making the design privacy-invasive by default.

Ssd 3

Medium
Confidence: 92%
Finding
The interview states that every answer is logged as context and made available for peer agents to query later, including repositories, notes locations, files, and collaborators. That creates durable exposure of broad project metadata and may normalize storing sensitive operational details without granular consent or classification.

Ssd 3

Medium
Confidence: 94%
Finding
The incoming peer-query workflow tells the agent to search local context and answer peers directly when policy is 'full' or 'summary,' but it lacks stronger safeguards around necessity, minimization, and sensitive-content filtering. Under permissive policies, the agent may disclose more local project information than the user expects, especially if context entries include paths, notes, or decision logs with confidential details.

VirusTotal

66/66 vendors flagged this skill as clean.