Prompt Optimizer

Security checks across malware telemetry and agentic risk

Overview

This is a small prompt-optimization guidance skill with no executable files, persistence, credential handling, or destructive behavior.

Before installing, note that the skill points users toward an external prompt-optimization service/API and an upstream AGPL project. Avoid sending sensitive prompts to external services unless you understand where the prompt text goes and what terms apply.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 89% confidence
Finding: The activation guidance is broad enough to match many ordinary user requests about prompts, which can cause this skill to be invoked when it is not the best or safest tool for the task. Over-broad triggering can bias assistant behavior, expand the skill’s effective scope, and increase the chance of unnecessary external tool use or unreviewed guidance being injected into unrelated conversations.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal