Architect Assistant

Security checks across malware telemetry and agentic risk

Overview

This is a coherent architecture assistant, but it enables always-on, mostly silent project tracking that can persist client, payment, and project details without clear per-update approval.

Install only if you want an always-on architecture project tracker that writes to workspace files. Before enabling it, review or remove the workspace/AGENTS.md passive-capture directive and any cron entries, avoid storing confidential client or payment details unless appropriate, and periodically audit project files for incorrect or overly sensitive captured notes.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (11)

Context-Inappropriate Capability

Severity: Medium
Confidence: 93%
Finding
The skill explicitly instructs the assistant to 'continuously listen' and automatically modify project files during every conversation, including remaining invisible for minor changes. That creates persistent, silent state changes from ambient chat content, which can misinterpret casual statements, capture sensitive business details, and alter canonical records without a clear transactional boundary or user confirmation.

Context-Inappropriate Capability

Severity: Medium
Confidence: 95%
Finding
The first-run setup tells the skill to append a directive to a global AGENTS.md file so the behavior persists across future conversations. Modifying global agent behavior from inside a skill is risky because it extends the skill's influence beyond the current invocation and can enable ongoing silent data capture without fresh consent.

Missing User Warnings

Severity: Medium
Confidence: 96%
Finding
The skill instructs automatic project-file updates to occur invisibly and specifically says not to ask whether the file should be updated. This removes user awareness and consent at the point of modification, increasing the chance of unauthorized or incorrect writes based on ambiguous conversation content.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding
The first-run setup creates and modifies multiple workspace files, copies configs, updates indexes, and configures automation, but does not present a clear safety/consent checkpoint before making those changes. Broad write actions during setup can surprise users, create unwanted persistence, and establish automation they did not fully understand.

Natural-Language Policy Violations

Severity: Medium
Confidence: 96%
Finding
This reference gives construction methods, fire-rating, landlord-scope, transport sizing, and timeline guidance that can vary significantly by country, city, code regime, and project type, but it does not require jurisdiction confirmation before use. In an architecture assistant, users may rely on this as feasibility or planning input, which could lead to noncompliant design assumptions, bad cost/schedule decisions, or unsafe recommendations if local code and market conditions differ.

Missing User Warnings

Severity: Low
Confidence: 85%
Finding
The procedure instructs the agent to modify project records by updating the `Last Check-in` date and appending the user's response to notes, but it does not explicitly tell the agent to warn the user or obtain consent before persisting that information. In a productivity skill that captures project context, this creates a real but low-severity transparency and privacy issue because users may disclose sensitive project updates without realizing they will be stored.

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding
The procedure explicitly tells the agent to append to the project's Notes section without requiring user awareness or confirmation before modifying project files. In an architecture assistant that maintains project context, silent writes can alter records, introduce inaccurate design history, or persist sensitive summaries the user did not intend to store, making this more dangerous than in a purely read-only advisory skill.

Missing User Warnings

Severity: Low
Confidence: 90%
Finding
The procedure explicitly instructs the agent to append content into project files, which modifies workspace data without requiring user confirmation or even notifying the user in normal cases. In a skill designed for passive research capture, silent file mutation can lead to unwanted changes, audit gaps, and accidental persistence of incorrect or low-quality information.

Natural-Language Policy Violations

Severity: Medium
Confidence: 81%
Finding
Mandating English-only logging without user opt-in can override user expectations, degrade fidelity for non-English research sources, and create misleading or lossy records in the workspace. In this skill, which explicitly searches in multiple languages and may preserve original-language terms only parenthetically, the rule can silently normalize data in a way the user did not request.

Ssd 3

Severity: Medium
Confidence: 88%
Finding
By appending instructions to AGENTS.md for passive project-context capture in every conversation, the skill enables ongoing retention of user-provided project details without per-instance consent. In an architecture context, those details can include client decisions, blockers, payment status, and other sensitive commercial information, making silent capture materially risky.

Ssd 3

Severity: Medium
Confidence: 94%
Finding
The passive behavior section directs the assistant to silently retain and update sensitive conversational details such as client decisions, payment updates, blockers, and deadlines in project files. This is dangerous because it turns ordinary chat into a hidden system of record, potentially storing confidential business information inaccurately or without the user's informed awareness.

VirusTotal

63/63 vendors flagged this skill as clean.