Back to skill

Security audit

Daily Task Check-in

Security checks across malware telemetry and agentic risk

Overview

This is a small instruction-only daily reminder template with clear public-safety limits and no code, credentials, network access, or install-time behavior.

Install only for generic, public-safe task reminders. Avoid putting real names, school or health details, account IDs, private schedules, or other sensitive personal information into the task flow, and confirm the start time before using reminders.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
91% confidence
Finding
The default prompt uses broad wording ('manage task intake, start-time confirmation, short reminders, and nightly completion checks') without explicit trigger boundaries or exclusion conditions. In combination with agent ecosystems that may infer invocation from general user intent, this can cause the skill to activate in contexts the user did not clearly request, leading to unintended access to conversation context or inappropriate workflow insertion.

Vague Triggers

Medium
Confidence
94% confidence
Finding
Enabling implicit invocation while the manifest lacks narrow scope language increases the chance of accidental or over-broad activation. Even for a public-safe coordination skill, this can cause the system to trigger task-tracking behaviors during ordinary conversation, creating privacy, consent, and workflow-integrity issues if user statements are interpreted as commands or status updates.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.