improve your prompt

Security checks across malware telemetry and agentic risk

Overview

This appears to be a prompt-refinement skill with some broad routing language, but no evidence of hidden access, data theft, persistence, or destructive behavior.

Install this if you want help rewriting ambiguous requests into prompts. Be aware it may activate too broadly, so disable or avoid it for conversations where you want the agent to answer or execute the task directly.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 92% confidence
Finding: The activation criteria are broad enough to match many normal user requests, which can cause the skill to intercept interactions that did not actually need prompt-refinement. In a skill-routing system, this can degrade reliability, override user intent, and increase the chance that other more appropriate skills are bypassed.

Vague Triggers

Medium

Confidence: 90% confidence
Finding: The instruction to act 'immediately and only' by generating a prompt lacks clear guardrails, so the skill may suppress normal handling and force a transformation even when the user wanted direct assistance. This creates a control-flow vulnerability in agent behavior, where ambiguous routing logic can systematically redirect tasks away from intended execution paths.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal