Security audit

Startup Launch Playbook

Security checks across malware telemetry and agentic risk

Overview

The available evidence shows only localized documentation-language concerns, not hidden execution, data access, or malicious behavior.

Installation appears reasonable if you want this skill’s guidance and can use the available language files. Review any localized instructions you rely on for accuracy and fit, but there is no artifact-backed evidence here of unsafe execution or sensitive access.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (2)

Natural-Language Policy Violations

Low

Confidence: 95% confidence
Finding: This markdown file presents all instructions and guidance exclusively in Japanese, and there is no indication that users can opt into another language or that the skill is intentionally restricted to a Japanese-speaking audience. Under the language/locale policy, forcing a specific language without user choice can be a natural-language policy violation.

Natural-Language Policy Violations

Low

Confidence: 92% confidence
Finding: This markdown content forces a specific language/locale for all users of the skill file and does not indicate that Korean is optional or that the skill is intended only for Korean-speaking users. Under the policy, language constraints should either be opt-in or clearly justified.

VirusTotal

58/58 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.