Security audit

Adaptive Reasoning

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only skill that openly changes how much reasoning the agent uses, without requesting files, credentials, network access, code execution, or persistence.

Install this if you want the agent to automatically spend more effort on complex tasks. Expect possible changes in latency, token usage, and occasional reasoning icons; avoid it if you want reasoning mode controlled only by explicit user commands.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Intent-Code Divergence

Medium
Confidence: 92%
Finding
The skill contains inconsistent guidance: it claims no external tools are needed, yet elsewhere instructs the agent to use an internal command or tool to toggle reasoning state. This can mislead operators and downstream policy enforcement, increasing the chance of unintended tool use or hidden state changes during execution.

Vague Triggers

Medium
Confidence: 95%
Finding
The skill is designed to trigger on every user message, which gives it universal preprocessing scope across the conversation. That broad reach increases the chance of unintended interference with unrelated requests, policy circumvention through hidden prompt layering, and persistent behavioral modification without clear user awareness or need.

Natural-Language Policy Violations

Medium
Confidence: 97%
Finding
The skill mandates automatic activation of reasoning behavior without user opt-in and requires visible response markers, effectively forcing changes to model behavior and output format. In context, this is more dangerous because the skill is global and acts as preprocessing for every message, creating hidden state changes and response leakage that may conflict with user instructions, platform policy, or application UX expectations.

VirusTotal

65/65 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.