Debt Survival

Security checks across malware telemetry and agentic risk

Overview

This debt-help skill is useful and coherent, but it tells the agent to save sensitive financial and legal details without clear consent, retention, or deletion controls.

Review before installing. Use it only if you are comfortable with your agent saving debt records, account references, draft letters, collector contacts, and legal-deadline information. Avoid entering full account numbers unless necessary, ask for an in-session-only/no-save workflow when possible, and delete generated files, reminders, and agent state when the debt matter is resolved.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 97% confidence
Finding: The skill persistently stores highly sensitive financial and legal data, including debts, account numbers, income changes, lawsuit status, and communications logs, without any explicit notice, minimization guidance, or consent flow. If agent state is exposed, retained too long, or accessed by other components, it could reveal detailed financial distress and legal posture that enables privacy harm, fraud, or coercion.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal