Yoga

Security checks across malware telemetry and agentic risk

Overview

This is a simple yoga guidance skill with no code execution or data access, though users should treat the exercise advice as general guidance rather than medical advice.

Safe to install from an agent-security standpoint. Before relying on the yoga guidance during practice, users with injuries, pregnancy, high blood pressure, glaucoma, recent surgery, chronic conditions, or unusual symptoms should consult a qualified professional and stop if they feel pain, dizziness, numbness, or shortness of breath.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: This skill gives physical practice and contraindication guidance but lacks an explicit warning that it is not medical advice and that users should stop if they feel pain or consult a clinician for injuries, pregnancy, hypertension, glaucoma, or other conditions. Because users may rely on the instructions during real physical activity, omission of a clear safety disclaimer increases the chance of unsafe self-directed exercise and injury.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal