Back to skill

Security audit

Overcome Problem

Security checks across malware telemetry and agentic risk

Overview

This is a planning-only problem-solving skill with broad activation phrases but no code, credentials, network access, persistence, or hidden behavior.

Safe to install as a general planning aid. Be aware it may trigger on broad problem-solving phrases, and treat its local-privacy language as a statement that the skill itself adds no storage or cloud dependency, not a guarantee about how your normal agent environment handles conversation data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence
97% confidence
Finding
The trigger phrases are broad, generic help-seeking language that commonly appears in ordinary conversation, so the skill may activate unintentionally in contexts where the user did not explicitly request this workflow. Unintended activation can cause prompt hijacking of the interaction flow, interfere with higher-priority skills, and create confusing or unsafe task routing if the agent applies this framework to unrelated requests.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.