Risk Profile

Security checks across malware telemetry and agentic risk

Overview

This is a simple risk-planning skill that asks for sensitive personal context but does not install code, access files, store data, or send information elsewhere.

Before using it, share only the detail needed for planning, such as ranges instead of exact balances or identifying medical details. Treat the result as general planning support and verify insurance, financial, or health decisions with a qualified professional.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 90% confidence
Finding: The skill explicitly instructs collection of sensitive personal data such as health status, dependents, assets, debts, and lifestyle habits, but provides no guidance on data minimization, consent, retention, or privacy warnings. In an agent context, this can lead to unnecessary exposure or over-collection of sensitive information and increase the risk of privacy harm or downstream misuse.

VirusTotal

41/41 vendors flagged this skill as clean.

View on VirusTotal