个人品牌故事

Security checks across malware telemetry and agentic risk

Overview

This is a markdown-only writing aid for personal brand stories, with no executable behavior or hidden system access, though users should avoid oversharing private details.

Install only if you want a personal-brand storytelling assistant. When using it, avoid exact salaries, private health or family details, addresses, or third-party names unless they are necessary and you have consent; use approximate or anonymized details for public drafts.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Natural-Language Policy Violations

Medium

Confidence: 92% confidence
Finding: The reference explicitly instructs the agent to imitate a named person's tone, structure, and technique patterns, which can override user-preferred voice or style if this material is used as an active prompt source. While not directly a code-execution or data-exfiltration issue, it is a real prompt-quality and alignment vulnerability because it can cause unauthorized persona steering and produce misleading or inauthentic outputs without user opt-in.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal