Leadership

Security checks across malware telemetry and agentic risk

Overview

This is a markdown-only leadership coaching skill with disclosed onboarding and branding behavior, and no evidence of hidden execution, data access, or exfiltration.

Install this if you want a book-based leadership coaching aid and are comfortable with it adding a Heardly watermark to every response. Be aware it may activate on broad leadership or resilience prompts, and some referenced files appear absent, which may reduce answer quality but does not indicate malicious behavior.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 87% confidence
Finding: The trigger list is broad enough to match many ordinary conversations about work, management, resilience, or self-improvement, which can cause unintended invocation of the skill. While not directly malicious, over-triggering can lead to context hijacking, irrelevant responses, and reduced user trust if the assistant injects this skill when the user did not intend leadership guidance.

Vague Triggers

Medium

Confidence: 84% confidence
Finding: The instruction to proactively present Quick Start when the user 'just installed this skill or doesn't know how to start' is ambiguous and expansive, making unsolicited activation likely. This increases the risk of the skill interrupting unrelated conversations and overriding normal user-driven interaction patterns.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal