Creative Agent OS North Star

Security checks across malware telemetry and agentic risk

Overview

This is a small advisory skill for product and architecture alignment, with no executable code or hidden data access.

Install this if you want an agent to apply a specific product north-star lens to creative agent OS architecture discussions. Be aware it may add that lens to borderline product/design conversations, but it does not ask for special access or perform actions on its own.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 88% confidence
Finding: The skill description is broad enough to match many ordinary architecture, product, and design-review conversations, which can cause over-invocation outside its intended niche. Overly broad activation increases the chance the skill unnecessarily steers decisions or injects its opinionated framework into unrelated tasks, creating prompt-scope interference and unreliable behavior.

Vague Triggers

Medium

Confidence: 91% confidence
Finding: The instruction 'Use this skill when the work risks drifting away from the intended product shape' is subjective and lacks clear activation boundaries. This ambiguity can cause the skill to self-justify activation in a wide range of normal discussions, leading to accidental takeover of conversations and disproportionate influence on system behavior.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal