Advisory Committee

Security checks across malware telemetry and agentic risk

Overview

This appears to be a prompt-only advisory workflow for structured strategic decisions, with no artifact-backed evidence of hidden execution, data access, persistence, or destructive behavior.

Before installing, expect this skill to impose a structured committee-style decision process and possibly activate for broad strategy or prioritization requests. Use it when that framing is helpful; disable or avoid it if you want lightweight, informal advice.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 91% confidence
Finding: The manifest trigger phrase is broad enough to match common requests for general advice about strategy, prioritization, or building new features. This can cause the skill to activate in situations the user did not explicitly intend, injecting its multi-agent workflow and output format into ordinary conversations and potentially steering decisions unexpectedly.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal