AI Agent Helper

Security checks across malware telemetry and agentic risk

Overview

This is a small instruction-only skill for helping with AI agent prompts and setup, with no code or requested system access.

Install this if you want help drafting prompts or AI-agent workflows. Review any generated system prompts before using them with agents that can access private data, run tools, or take real-world actions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium (87% confidence)

Finding: The invocation examples are very broad and can cause the skill to activate for vague requests like 'help me write a prompt' or 'how to set up an AI agent' without clear boundaries. In an agent-assistance skill, overbroad triggering increases the chance of unsolicited prompt shaping or interference with unrelated tasks, which can change agent behavior in ways the user did not explicitly request.

Natural-Language Policy Violations

Medium (79% confidence)

Finding: The description is written in Cantonese/Chinese and implies a language preference without stating that it adapts to the user's chosen language. This can cause unwanted language forcing or reduced usability, and in security-sensitive agent workflows it may obscure instructions or outputs if the user expects a different locale.

VirusTotal

64/64 vendors flagged this skill as clean.
