The Mythical Man Month

Security checks across malware telemetry and agentic risk

Overview

The skill appears to be a low-risk book or software-practice guidance skill, with one overbroad activation issue but no evidence of harmful actions or sensitive access.

This looks reasonable to install if you want guidance based on the skill's software/project-management topic. Be aware it may activate on broad software-engineering prompts; disable it or ask explicitly for another skill if it starts steering unrelated conversations.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 95% confidence
Finding: The trigger list includes very broad terms such as 'Software engineering', 'Project management', and 'Software development', plus activation when the user 'just installed this skill or doesn't know how to start'. This can cause the skill to activate in many ordinary conversations unrelated to the book, increasing the chance of unwanted instruction injection, context hijacking, or response shaping by this skill when another tool or base assistant should respond.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal