Back to skill

Security audit

Testosterone Optimization

Security checks across malware telemetry and agentic risk

Overview

This is a markdown-only wellness tracking skill with no executable code, but users should be careful about entering sensitive health details.

Before installing, consider whether you are comfortable sharing hormone, libido, body composition, and symptom information with your agent. Use minimal detail, avoid medical identifiers, and do not treat the supplement or body-fat targets as personalized medical advice.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
87% confidence
Finding
The trigger set includes broad health-related phrases such as 'hormone optimization' and 'test levels' that can match ordinary user requests not clearly intended for this specific skill. That can cause unintended invocation and expose users to prescriptive health advice in contexts where they expected more general information or a different capability.

Natural-Language Policy Violations

Low
Confidence
78% confidence
Finding
The skill gives prescriptive health guidance, supplement dosages, and a specific body-fat target range as broadly applicable recommendations without qualification, personalization limits, or advice to consult a clinician. In a health context, this can mislead users into treating generalized fitness advice as individualized medical guidance, increasing the chance of unsafe supplementation or unhealthy target-setting.

Shadow Command Trigger

Medium
Category
Trigger Abuse
Confidence
92% confidence
Finding
The trigger phrase 'test levels' overlaps with the built-in command namespace around 'test', creating a shadow-command condition. This can interfere with expected platform behavior or cause the skill to capture requests that users intended for a built-in command, which is especially problematic given the skill provides health-related guidance.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.