Pilates (Session Planner, Form Coach, Progress Tracker)

Security checks across malware telemetry and agentic risk

Overview

This is a local Pilates coaching and progress-tracking skill with disclosed local notes and no executable code or network behavior.

Before installing, be comfortable with optional local notes in ~/pilates/ about Pilates goals, session history, form cues, and safety limits. Keep medical details minimal, review stored notes if privacy matters, and rely on a clinician or qualified instructor for significant pain, pregnancy/postpartum concerns, recent surgery, neurological symptoms, or other red flags.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 93% confidence
Finding: The setup instructs the agent to activate on a wide set of loosely related terms such as Pilates, mat work, core control, and posture-focused routines, and to decide proactive behavior early. This can cause the skill to engage in contexts the user did not intend, including adjacent fitness or health discussions, increasing the chance of unsafe or irrelevant coaching in sensitive situations like pain, recovery, or unrelated exercise planning.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal