Back to skill

Security audit

Thinkdeep

Security checks across malware telemetry and agentic risk

Overview

This skill only changes how the agent structures complex answers and does not add code, credentials, network access, or persistence.

Install this if you want the agent to use a more structured approach on complex questions. Expect some answers to be longer and include visible reasoning summaries or confidence ratings; avoid using that mode where concise outputs or minimal reasoning logs are required. Verify the install slug because the README mentions deep-think while the skill metadata name is thinkdeep.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Natural-Language Policy Violations

Medium
Confidence
88% confidence
Finding
The README explicitly says the skill 'forces step-by-step analysis, self-critique, and confidence scoring before answering,' which indicates it attempts to impose a reasoning protocol without any mention of user consent or situational control. In an agent setting, forcing hidden internal reasoning behavior can conflict with platform safety expectations, reduce user agency, and encourage exposure or simulation of chain-of-thought-style content that should remain controlled.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.