Recommend

Security checks across malware telemetry and agentic risk

Overview

This recommendation skill is transparent about using remembered preferences to personalize suggestions, with privacy considerations but no evidence of hidden or harmful behavior.

Install only if you are comfortable with the assistant using prior conversations and memory entries to tailor recommendations and saving preference summaries for later. Avoid using it for highly sensitive choices unless you are comfortable with those preferences being remembered, and review or clear memory where your platform supports it.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 96% confidence
Finding: The skill explicitly instructs the agent to search user context and later to store learned preferences in memory, but it provides no user-facing consent, retention limits, or privacy boundaries. In a recommendation skill, this can lead to unnecessary collection and persistence of sensitive behavioral data, creating privacy leakage and profiling risks across future interactions.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal