Security audit

Real Estate Agent

Security checks across malware telemetry and agentic risk

Overview

The skill appears to be a local real-estate assistant, but it automatically persists sensitive housing and financial details with broad activation and limited user-control guidance.

Install only if you are comfortable with a local file-based real-estate profile that may retain budgets, financing status, locations, timelines, and property interests. Before using it, decide what should not be saved, periodically inspect the ~/real-estate-agent/ files, and delete or redact stored details you no longer need.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (8)

Vague Triggers

Medium
Confidence: 82%
Finding
The activation rule is broad enough to trigger on general discussion of housing, renting, or investing, which can cause the skill to engage unexpectedly and begin collecting or persisting sensitive user context in local memory. In this skill, that matters because it is designed to store client profiles, budgets, timelines, and property preferences automatically, so accidental activation increases privacy and data-minimization risk.

Missing User Warnings

Medium
Confidence: 94%
Finding
The template instructs the agent to create and maintain a persistent client profile containing sensitive personal and financial information such as budget, locations, financing status, family/job context, and owned properties. There is no notice, consent flow, minimization guidance, or retention policy, so the skill encourages silent collection and storage of user data on disk beyond what is necessary for a single interaction.

Missing User Warnings

Medium
Confidence: 93%
Finding
The skill defines multiple additional on-disk files for properties, searches, and alerts, creating a broader retained dataset about a user's housing interests, transaction status, and behavior over time. Even if each file seems operationally useful, together they form a persistent dossier without any warning that the skill will write and retain user-related data locally.

Missing User Warnings

Medium
Confidence: 95%
Finding
The file explicitly states that a local memory file will be created to store client profile data, preferences, goals, and other potentially sensitive real-estate and financial details, but the skill description does not warn users about this persistent storage. In this skill context, the stored data can include budget, financing status, lender information, relocation plans, and property preferences, so the lack of upfront disclosure creates a real privacy and consent risk rather than a mere documentation issue.

Vague Triggers

Medium
Confidence: 91%
Finding
The setup instructs the agent to auto-engage whenever the user mentions real estate, which is an overly broad trigger for a skill that stores preferences and tracking data. This can cause the skill to activate in casual or incidental conversations and begin collecting or proposing persistence before the user clearly intended to use a persistent real-estate agent workflow.

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill encourages remembering user preferences and tracking properties, but the warning about persistent local storage is buried in setup guidance rather than presented as a clear upfront disclosure. Users may share sensitive housing, budget, location, and timeline information without understanding that it will be stored across sessions, increasing privacy and consent risk.

Ssd 3

Medium
Confidence: 96%
Finding
The key principles direct the agent to 'enrich the client profile' in every conversation and to record broad notes including personal circumstances, which creates an open-ended retention and profiling pattern. In a real-estate context this is particularly sensitive because conversations may include finances, family situation, relocation plans, and other highly personal decision-making data.

Ssd 3

Medium
Confidence: 97%
Finding
The instructions direct the agent to update the memory file after every conversation and to track discussed properties and preferences over time, creating ongoing retention of sensitive personal and financial information in natural language. In a real-estate skill, this is especially risky because conversations may contain budgets, preapproval amounts, move dates, addresses, landlord/seller details, and negotiation history, which can accumulate into a detailed personal profile if the file is accessed by unauthorized parties or retained longer than necessary.

VirusTotal

64/64 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.