Relationship Skills

Security checks across malware telemetry and agentic risk

Overview

This is a text-only relationship advice skill with no code or system access; the main caution is that it may invite sensitive personal sharing.

Safe to install from a security standpoint. Treat it as relationship guidance, not professional counseling, and avoid sharing highly sensitive details unless you are comfortable with how the host platform processes conversations.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 92% confidence
Finding: The trigger phrase at line 8 is broad enough to match many ordinary user requests, which can cause the skill to activate unintentionally. While this is not directly a code-execution or data-exfiltration flaw, accidental invocation can override user intent, increase prompt-surface exposure, and create confusing or privacy-impacting interactions in a relationship-advice context.

Vague Triggers

Medium

Confidence: 95% confidence
Finding: The trigger phrase at line 10 ('date ideas') is highly generic and likely to overlap with normal conversational queries, making unintended invocation likely. In this skill, that raises the risk of the system engaging the skill when the user may have wanted a general answer, which can expose stored relationship context or produce behavior the user did not explicitly request.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal