soul-audit

Security checks across malware telemetry and agentic risk

Overview

This skill appears to be a review-only prompt and SOUL.md auditor with no evidence of hidden execution, persistence, or data exfiltration.

Install is reasonable if you want Guardian-style audits of SOUL.md or system prompt files. Before use, confirm the skill is being invoked for the specific document you intend to review, prefer local files or pasted text for sensitive prompts, and only fetch remote URLs you trust.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
84% confidence
Finding
Broad trigger phrases can cause the skill to activate for generic requests about ethics, system prompts, or agent review, leading to unintended handling of sensitive prompt content or overriding a more appropriate skill. In agent systems, overbroad routing increases the chance of context confusion and accidental exposure or processing of privileged configuration material.

Missing User Warnings

Medium
95% confidence
Finding
Accepting a remote URL without warning about network access or privacy implications can cause the agent to fetch untrusted external content, potentially disclosing metadata, processing sensitive documents from third-party hosts, or ingesting adversarial prompt material. In a prompt-auditing skill, this is more dangerous because the fetched content may itself contain instruction-like text designed to manipulate downstream analysis.

VirusTotal

66/66 vendors flagged this skill as clean.