Daily Standup Generator

Security checks across malware telemetry and agentic risk

Overview

This instruction-only skill drafts daily standup reports and its use of recent work context is disclosed and aligned with that purpose.

Install if you are comfortable with the agent using recent memory and conversation context to draft standup updates. Review the generated report before sharing it, especially if prior chats or memory may contain private project details.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 81% confidence
Finding: The trigger phrases and usage conditions are broad enough that the skill may activate on generic standup-related requests without clear user intent to use this specific skill. While this is not inherently malicious, unintended invocation can cause the agent to read conversation history or memory files more often than necessary, increasing the chance of unnecessary data exposure or context misuse.

Natural-Language Policy Violations

Medium

Confidence: 88% confidence
Finding: The skill hard-codes Chinese trigger/output elements like "生成每日站会报告", section headers, and "无" without checking the user's language preference. This can override expected language behavior, confuse users, and in multilingual environments may cause incorrect or unintended output formatting that reduces reliability and usability.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal