Core PA Admin and Exec Support

Security checks across malware telemetry and agentic risk

Overview

This skill drafts administrative plans and communications without taking actions on the user's behalf.

Install if you want a drafting-only personal assistant for plans, schedules, and communications. Provide only the messages, calendar details, and notes needed for the task, and explicitly state your timezone, working hours, and any exceptions so the hard-coded default business-hour assumptions do not produce unsuitable suggestions.

SkillSpector

By NVIDIA

Vulnerability Patterns

Behavioral ASTexec() Call, eval() Call, Dynamic Import
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Natural-Language Policy Violations

Medium

Confidence: 92% confidence
Finding: The skill hard-codes a weekday-only, 08:00–17:00 scheduling policy with meetings ending by 16:30, without requiring user opt-in or explaining locale, role, or accessibility assumptions. In an exec-support context, this can systematically produce unsuitable plans for users in different regions, nonstandard work schedules, or urgent situations, leading to missed opportunities, exclusion, or operational friction.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal