Back to skill

Security audit

gstack CEO Review

Security checks across malware telemetry and agentic risk

Overview

This is a non-executable plan-review skill, but it tells the agent to save potentially sensitive review summaries to persistent memory without asking first.

Review this skill before installing if you plan to use it on confidential product plans, security issues, customer data, or internal architecture. It is not executable malware, but you should disable or edit the `memory/` saving instruction, or only use it when persistent storage of the final review summary is acceptable.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The skill instructs saving review summaries to `memory/` even though plan review does not inherently require persistent storage. Those summaries can contain sensitive project details, strategic plans, architecture notes, or security concerns that may later be surfaced in unrelated contexts, creating unnecessary data retention and cross-session leakage risk.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The trigger phrases are broad and overlap with normal conversation such as 'review a plan,' 'challenge this,' or 'think bigger.' That increases the chance of accidental invocation in unrelated workflows, which can inject unexpected behavior, alter agent posture, and expose user content to a skill the user did not intentionally invoke.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
Writing summaries to storage without a user-facing disclosure removes transparency around persistence of potentially sensitive data. Users may share confidential plans assuming an ephemeral review, while the skill silently stores content for future use, increasing privacy and compliance risk.

Ssd 3

Medium
Confidence
96% confidence
Finding
Persistent memory of review summaries can retain sensitive project details, including business strategy, architectural weaknesses, and security issues. If later retrieved or leaked across sessions, this creates a secondary exposure channel unrelated to the original task and expands the blast radius of sensitive user disclosures.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.