Task Planner

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only task-planning skill whose disclosed planning and optional execution guidance fits its stated purpose.

Install this if you want help planning and tracking complex work. For coding or operational tasks, review the plan before execution and keep normal approval boundaries for file edits, shell commands, or actions that could change your project.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Context-Inappropriate Capability

Medium
Confidence: 90%
Finding
The skill is framed as a planning and execution-guidance tool, but it explicitly authorizes broad programming actions using Read, Edit, Write, and Bash. That expands the skill from advisory behavior into potentially powerful repository and shell execution behavior, increasing the risk of unintended file modification, command execution, or privilege overreach when a user request is loosely interpreted as a programming task.

Vague Triggers

High
Confidence: 93%
Finding
The trigger criteria are extremely broad, including any request that appears to involve more than three steps or vague requests for help getting started. This can cause the skill to activate in many ordinary conversations, potentially overriding more appropriate specialized skills and steering the agent into unnecessary task creation, questioning, or execution flows.

VirusTotal

66/66 vendors flagged this skill as clean.
