Back to skill

Security audit

Drinks Sommelier

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent beer and wine recommendation helper, but it keeps a local taste profile that users should understand before use.

Install this only if you are comfortable with the agent keeping a local record of your beer and wine preferences. Before relying on it heavily, consider adding explicit commands or instructions to view, edit, pause, or delete the saved taste profile and product lists.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (4)

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill directs persistent storage of user preference data without any explicit notice, consent flow, or retention disclosure. This creates a privacy risk because users may reveal taste and behavioral preference data without understanding it will be stored across sessions.

Ssd 3

Medium
Confidence
90% confidence
Finding
The skill is designed to accumulate a persistent taste profile over time, which means it systematically stores personal preference data across interactions. Even though the data is not highly sensitive on its face, longitudinal profiling without robust consent and governance can become privacy-invasive and exceed user expectations.

Ssd 3

Medium
Confidence
95% confidence
Finding
These instructions tell the agent to update profile sections and product preference files based on user inputs, including when information is merely 'learned' through conversation. Persisting inferred preference data can create inaccurate records and privacy issues, especially when not clearly surfaced to the user.

Ssd 3

Medium
Confidence
98% confidence
Finding
The skill explicitly instructs direct updates to persistent files without confirmation whenever the user expresses a product judgment. This is dangerous because natural-language statements can be ambiguous, joking, or context-dependent, leading to silent persistence of incorrect personal data and unexpected long-term profiling.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.