Persona Project Manager

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Google Workspace project-management persona, but it can help an agent make real changes like sending emails, creating calendar events, uploading files, posting announcements, and editing sheets.

Install this only if you want an agent to assist with Google Workspace project coordination. Before write or outbound actions, use dry-run or preview where available and verify recipients, attendees, files, folders, announcement channels, and sheet changes.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill instructs the agent to perform external side-effecting actions such as sending email, scheduling calendar events, uploading files, and announcing content, but it does not require explicit user confirmation or warn that these actions affect external systems and recipients. In a persona skill that may be invoked as a general project-management assistant, this increases the risk of unintended actions, accidental disclosure, spam, or unauthorized modifications if the agent acts on ambiguous prompts.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal