User Interview & PMF Validation Playbook — JTBD Framework, Customer Discovery, Churn Diagnostics (937 Interviews)

Security checks across malware telemetry and agentic risk

Overview

This user-research playbook is coherent, but it tells users to record interviews and shared screens without consent or privacy safeguards.

Before installing or using this skill, add your own consent and privacy process: tell participants exactly what will be recorded, get explicit permission before recording or screen sharing, offer a non-recorded option, avoid capturing sensitive screens, restrict access to recordings/transcripts, and define deletion/retention rules.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

High

Confidence: 96% confidence
Finding: The skill explicitly instructs operators to record interviews and shared screens, but it does not pair that with consent requirements, data minimization, retention limits, or guidance for handling sensitive information. In a real user-research context, this can lead to unauthorized collection of personal, confidential, or regulated data and create legal, privacy, and trust risks for both interviewees and the organization.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal