Work

Security checks across malware telemetry and agentic risk

Overview

This is a text-only workplace advice skill, with one policy-sensitive tip that users should treat cautiously.

Install only as general workplace coaching. Do not move confidential company information to personal accounts or devices, and use approved HR, legal, compliance, or workplace documentation channels when preserving sensitive records.

SkillSpector

By NVIDIA

Vulnerability Patterns

Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Context-Inappropriate Capability

Medium

Confidence: 92% confidence
Finding: The manifest describes professional communication, meeting prep, workplace dynamics, and visibility tactics, which fits advisory content. However, the specific instruction to keep records in personal notes and to BCC oneself crosses into advising users to move workplace information outside normal organizational systems, a capability with privacy and policy implications that is not inherently required by the stated purpose.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal