Premortem

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only reasoning checklist that is broad and always-on, but it does not request tools, credentials, file access, network access, or hidden side effects.

Install this only if you want an always-available internal review step before significant agent work. Keep normal safeguards for destructive commands, production changes, deployments, and shared systems; this skill should not replace tests, backups, code review, or explicit confirmation.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 90% confidence
Finding: The activation criteria are so broad that the skill is likely to run on a large fraction of normal interactions, effectively imposing an always-on behavioral modifier. In agent settings, broad implicit activation can distort responsiveness, add hidden latency, and interfere with higher-priority safety or task-specific policies by encouraging unnecessary pre-execution deliberation on routine tasks.

Natural-Language Policy Violations

Medium

Confidence: 96% confidence
Finding: The skill explicitly requires hidden internal reasoning ('Premortems are internal reasoning') and instructs the agent not to disclose that process except in limited cases. In a security-sensitive agent framework, this is dangerous because it normalizes opaque chain-of-thought-style behavior, reduces auditability, and can conceal when the skill is influencing decisions in ways the user or operator cannot inspect.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal