Successful Time Management: How to be Organized, Productive and Get Things Done

Security checks across malware telemetry and agentic risk

Overview

This is a markdown-only time-management coaching skill with no executable code, data access, persistence, or external data flow, though its activation terms are overly broad.

Installers should expect this skill to respond to broad productivity-related prompts such as planning, email, meetings, focus, and scheduling. If you want stricter routing, narrow the trigger phrases, but there is no evidence of malicious behavior, data collection, privileged execution, or destructive actions.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

High

Confidence: 95% confidence
Finding: The trigger list is so broad that the skill can activate on common workplace terms like 'time,' 'plan,' 'email,' 'meeting,' or 'focus,' causing unsolicited routing into this skill during unrelated conversations. This creates prompt-scope hijacking risk at the orchestration layer: benign user requests may be diverted, and the skill’s instruction to proactively present itself on first load increases the chance of unwanted takeover behavior.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal