Back to skill

Security audit

Self-Improving Workflow Helper

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only workflow skill for turning failures and reviews into controlled process improvements, with no code execution, credentials, or hidden data access.

Install only if you want an agent to help formalize retrospectives, review feedback, prompt updates, or runbook improvements. Review any generated prompt, skill, memory, or runbook changes before making them durable, and consider tightening activation wording if accidental invocation would be disruptive.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Vague Triggers

Medium
Confidence
84% confidence
Finding
The trigger examples are broad enough to match ordinary requests about feedback loops, review comments, or safe self-improvement, which can cause this skill to activate outside its intended niche. In a self-improving workflow skill, overbroad activation is more dangerous than usual because it may steer unrelated tasks into workflow-modification or prompt-update behavior, increasing the chance of unintended drift or unsafe operational changes.

Vague Triggers

Medium
Confidence
86% confidence
Finding
The skill description uses very broad activation language such as self-improving agent, feedback loop, runbook, prompt update, quality review, and practical workflow support. This can cause the skill to be invoked for many generic productivity or operations requests outside its narrow intended scope, increasing the chance of inappropriate prompt injection into unrelated tasks or workflow drift through over-application.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The trigger section contains ambiguous keywords and example phrases that are common across many benign workflow requests, but it does not provide scope constraints or negative examples. In a skill-selection system, this increases accidental activation frequency, which can misroute tasks, introduce irrelevant self-improvement behavior, and create unnecessary modification pressure on prompts, runbooks, or procedures.

Vague Triggers

Medium
Confidence
94% confidence
Finding
The skill enables implicit invocation while advertising a broad, generic 'workflow helper' capability with no narrow trigger conditions or scope limits. This can cause the agent to auto-select the skill in loosely related contexts and apply self-modifying or instruction-updating behavior where it was not explicitly requested, increasing the risk of unintended prompt changes, workflow drift, or misuse of failure data.

Vague Triggers

High
Confidence
89% confidence
Finding
Overly broad trigger sentences can cause the skill to activate for common requests outside its intended scope, creating prompt-routing confusion and increasing the chance that unrelated tasks are handled with the wrong workflow. In an agent ecosystem, this can become a control-boundary problem because broad matching may override more appropriate specialized skills or cause unintended autonomous behavior patterns to be applied.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.