Back to skill

Security audit

Work Productivity Proactive Agent Workflow Helper

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only workflow helper, with no executable code or hidden data access, but its automatic activation wording is broad and may trigger more often than users expect.

Review the trigger behavior before installing. This skill appears safe as a workflow helper, but because it allows implicit invocation and uses broad keywords, users who want tighter control should invoke it explicitly or adjust the triggers to proactive-agent workflow requests only.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (10)

Vague Triggers

High
Confidence
92% confidence
Finding
The trigger phrases are broad, generic, and partially duplicated from the requirement text, making the skill eligible for invocation in many loosely related contexts. This increases the chance of unintended auto-selection or prompt routing conflicts, which can cause the wrong workflow to run and expose users to irrelevant or unsafe actions in a proactive-agent setting.

Vague Triggers

High
Confidence
92% confidence
Finding
The trigger phrases and keywords are broad enough to match many ordinary productivity or help-seeking requests, which can cause the skill to activate outside its intended scope. In an agent ecosystem, this increases the chance of unintended invocation, response hijacking, or workflow interference, especially because the skill is positioned as a proactive helper for general task execution.

Vague Triggers

High
Confidence
96% confidence
Finding
The trigger list includes very generic terms like 'proactive', 'transform', 'task', 'needs', and 'bug fix', which are common in ordinary conversations and can cause accidental or excessive skill activation. Over-broad activation increases the chance that this skill intercepts unrelated requests, leading to prompt-routing confusion, unexpected behavior, or misuse of the skill in contexts the user did not intend.

Vague Triggers

High
Confidence
94% confidence
Finding
The manifest description says to use the skill when a user asks for broad concepts like 'work-productivity', 'proactive', 'transform', or 'task', which creates an ambiguous activation boundary. In systems that rely on description text for routing, this can cause the skill to be selected for many unrelated requests, undermining least-privilege behavior and increasing the attack surface for prompt or workflow hijacking.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The example trigger phrases demonstrate activation using broad everyday language and do not show any constraints that would prevent matching on partial, incidental, or out-of-context wording. These examples can reinforce overly permissive routing behavior and make accidental invocation more likely, though the risk is somewhat lower than explicit keyword lists because examples are indirect signals.

Vague Triggers

High
Confidence
95% confidence
Finding
The trigger list includes very broad everyday terms such as "task", "needs", and "partners", which can cause the skill to activate in many unrelated conversations. This increases the chance of unintended routing, causing the agent to apply this workflow in contexts the user did not request and potentially producing irrelevant or unsafe automation guidance.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The skill description says it should be used whenever users mention broad categories like work-productivity, proactive, transform, or task, or whenever they need a practical workflow or analysis. These conditions are too open-ended, so the skill may be selected for many unrelated requests, leading to mis-scoped assistance and reducing the reliability and safety of agent behavior.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The default_prompt uses very broad, generic wording such as 'help me' and common workplace terms, which can cause the platform to invoke this skill for ordinary user requests unrelated to the intended workflow. In a skill with proactive-agent framing, accidental invocation can unexpectedly steer conversations, expose users to unintended automation behavior, or override more appropriate skills.

Vague Triggers

High
Confidence
96% confidence
Finding
Enabling allow_implicit_invocation without tight activation constraints increases the chance that the skill will be selected automatically from vague user phrasing. Because this skill is framed as a proactive workflow helper, unintended activation could insert autonomous workflow behavior into unrelated tasks, causing prompt hijacking of user intent, confusion, or unsafe execution paths in downstream agent systems.

Vague Triggers

High
Confidence
97% confidence
Finding
The trigger phrases are generic enough to match many normal requests about workflows, tasks, or help, which can cause the skill to activate outside its intended scope. In an agent ecosystem, overbroad invocation increases the chance of unintended routing, prompt/context collisions, and the application of this skill's instructions to unrelated user tasks.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.