My Work Profile Cross Agent

Security checks across malware telemetry and agentic risk

Overview

This skill is a local cross-agent work-memory tool, but it defaults to silently reading and automatically writing profile and business knowledge from normal conversations.

Review this before installing to decide whether you are comfortable with a skill that keeps a persistent local work profile shared across agents. If you do install it, consider switching autoUpdate off immediately, inspect the files under the configured home-directory folder, avoid discussing sensitive business or personal details while it is active, and use the provided view/delete/correction commands to audit the stored memory.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (9)

Missing User Warnings

Medium severity, 94% confidence
Finding
The skill is explicitly designed to persist extracted user profile and domain knowledge to local storage, and the default configuration enables automatic updates. Although the document later mentions logs and a mode switch, the top-level description does not clearly warn users up front that normal conversation content may be written to local files and reused across agents, which creates a meaningful privacy and consent risk.

Missing User Warnings

Medium severity, 96% confidence
Finding
The workflow instructs the agent to silently read local profile and domain files on every conversation and to avoid telling the user this is happening. Hidden background access to local knowledge files reduces transparency and can cause users to disclose information without realizing prior stored data is being loaded and influencing responses.

Missing User Warnings

Medium severity, 95% confidence
Finding
The example explicitly instructs the assistant to silently read local user knowledge files before answering, without an upfront privacy notice or consent prompt. In a cross-agent shared storage context, this increases the risk that sensitive profile data is accessed and used unexpectedly, defeating user expectations about when personal memory is consulted.

Missing User Warnings

High severity, 98% confidence
Finding
This flow defaults to automatically appending user-derived knowledge into multiple files, including profile, domain, index, and changelog records, without prior explicit consent before persistence occurs. Default-on cross-session memory writes can capture sensitive work details from ordinary conversation and replicate them across storage locations, expanding both exposure and retention risk.

Missing User Warnings

High severity, 97% confidence
Finding
The migration example performs discovery of an old file, creates multiple new files, and renames the original file automatically, all without a clear warning or confirmation step. File mutation during migration can surprise users, alter local data integrity, and persist previously collected sensitive information into a broader structured store without informed approval.

Missing User Warnings

Medium severity, 95% confidence
Finding
The spec enables automatic knowledge updates by default and treats a missing config file as opt-in, which can cause the agent to persist conversation-derived data to local storage without explicit, informed user consent. In this skill's context, the stored data is a cross-agent work profile and domain knowledge base, so silent writes can accumulate sensitive business, role, and preference information across sessions and tools.

Ssd 3

Medium severity, 93% confidence
Finding
The examples direct the assistant to persist user profile and preference details inferred from conversation and then echo those details back in an execution summary. Even if intended as helpful personalization, this creates ongoing behavioral profiling and increases the chance of exposing sensitive work context in the response surface or stored memory.

Ssd 3

Medium severity, 90% confidence
Finding
Although the write itself is gated on confirmation, the skill still extracts, structures, and presents user profile changes and domain knowledge before consent is obtained. That means sensitive profiling and summarization still occur on untrusted conversational input, which can expose derived personal/work information in the UI and normalize hidden surveillance-like processing.

Ssd 3

Medium severity, 96% confidence
Finding
The skill defines broad standing rules to extract roles, responsibilities, preferences, corrections, and workflow habits from normal conversation for ongoing memory. In context, this is a cross-agent profile-building mechanism, so broad extraction materially raises the risk of accumulating sensitive employment, operational, and behavioral data beyond what is necessary for the immediate task.

VirusTotal

64/64 vendors flagged this skill as clean.