Persona Researcher

Security checks across malware telemetry and agentic risk

Overview

The skill appears to support legitimate research collaboration, but it needs review because it may share research notes or documents by email without clear user confirmation safeguards.

Install only if you are comfortable with a research assistant that may help prepare or send collaboration emails. Before any send or file share, require the agent to show the exact recipients, subject, message body, and documents, and approve each outbound action explicitly.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: The skill explicitly instructs the agent to share findings with collaborators and send peer-review requests via email, but it does not require user confirmation, recipient verification, or any warning that research notes and attached documents may be disclosed externally. In a persona skill that organizes potentially sensitive research materials, this omission can lead to accidental data leakage, especially if the agent autonomously selects files, recipients, or summaries to share.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal