Security audit

Polanyi Skill

Security checks across malware telemetry and agentic risk

Overview

The surfaced evidence shows a usability concern about fixed response style, but no hidden access, persistence, data theft, or destructive behavior.

Install if you are comfortable with the skill nudging the assistant into a fixed mixed Chinese/English style. If you need responses in a specific language or accessibility-friendly phrasing, be prepared to restate that preference.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Natural-Language Policy Violations

Medium

Confidence: 90% confidence
Finding: The skill instructs the agent to adopt a fixed stylistic/persona mode that strongly biases output language and phrasing, without preserving user language preference or accessibility needs. This can degrade usability, cause confusing mixed-language responses, and override higher-quality system behavior for multilingual users, though it does not directly create code-execution or data-exfiltration risk.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal