Security audit

Entrepreneur PM Framework

Security checks across malware telemetry and agentic risk

Overview

This is a markdown-only AI team management skill, but it includes under-scoped instructions for live Shopify changes, options-trading recommendations, spawned agents, persistent memory, and a local credential path.

Install only if this is intended for the specific Leevar environment it describes. Before using it, remove the Shopify token path, isolate live-store operations into a scoped commerce-admin skill with explicit approval and rollback checks, remove or tightly constrain the options-trading example, and limit persistent memory or skill updates to reviewed content.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Context-Inappropriate Capability

Severity: Medium
Confidence: 93%
Finding:
This reference section embeds concrete options-trading selection and recommendation workflows, including budget constraints, instrument screening, and specific recommendation formatting. That goes beyond a PM/agent-management framework and can steer the agent into providing regulated, high-risk financial guidance that is outside the declared purpose, increasing the chance of unsafe or unauthorized assistance.

Context-Inappropriate Capability

Severity: Medium
Confidence: 89%
Finding:
This section contains operational instructions to rewrite product copy and directly mutate a Shopify store through the REST API, including validation and reporting steps. In a skill presented as a management/thinking framework, these concrete production-change procedures materially expand the capability surface and can cause unauthorized store modifications, policy violations, or harmful execution if invoked in the wrong context.

Context-Inappropriate Capability

Severity: Medium
Confidence: 91%
Finding:
The detailed GraphQL mutation playbook gives step-by-step instructions for modifying product options and variants in Shopify, including sequencing and edge-case handling. That is implementation-level catalog mutation guidance unrelated to the stated PM-management purpose, and it can enable unintended destructive changes to product data if an agent treats this skill as authority for direct execution.

Vague Triggers

Severity: Medium
Confidence: 95%
Finding:
The skill’s activation criteria are extremely broad, covering generic management, collaboration, and task decomposition discussions. This can cause unintended invocation in unrelated conversations, injecting prescriptive routing and operational instructions that steer agent behavior without explicit user intent, which is a prompt-scope security issue for orchestration skills.

Ssd 3

Severity: High
Confidence: 99%
Finding:
The document explicitly reveals the local filesystem path of a secrets file containing the Shopify admin token. Even though it does not print the token itself, telling an agent where a live credential is stored materially lowers the barrier to secret discovery and misuse, especially in a skill focused on agent coordination and tool use.

VirusTotal

64/64 vendors reported this skill as clean.