Gr User Interview

Security checks across malware telemetry and agentic risk

Overview

This is a content-only user interview framework with no code execution or hidden access, though users should handle recordings and transcripts carefully.

Before installing, confirm you want an interview-methodology skill that may activate on broad research requests. If you use it to record or transcribe interviews, obtain informed consent, explain retention and use, store materials securely, redact sensitive details where possible, and follow applicable company policy and law.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 90% confidence
Finding: The trigger list contains broad generic terms such as 'user research', 'customer discovery', and 'interview framework' that can match many unrelated requests, increasing the chance of unintended invocation. In an agent system, over-broad activation can route user data or workflow control to the wrong skill, causing confusion, privacy issues, or unsafe downstream actions.

Missing User Warnings

Medium

Confidence: 96% confidence
Finding: The skill explicitly recommends recording interviews and keeping full transcripts without mentioning consent, lawful basis, retention, or handling of personal data. Because user interviews often contain sensitive personal, employment, or business information, this omission can lead operators to collect data unlawfully or store it insecurely.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal