Bazi Full Fortune Telling

Security checks across malware telemetry and agentic risk

Overview

This fortune-telling skill is coherent, but it asks for sensitive family and life details and tells the agent to save a personal report without clear privacy or consent safeguards.

Install only if you are comfortable with an agent asking personal family-background questions and potentially saving the resulting analysis locally. Treat all calibration questions as optional, avoid sharing exact locations or unnecessary third-party details, and do not save reports containing sensitive information unless you intentionally choose where and how to store them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (9)

Missing User Warnings

Medium
Confidence: 91%
Finding
The README directs the agent to collect sensitive personal and family information as part of a calibration workflow, but it does not provide any privacy notice, data-minimization guidance, consent language, or handling restrictions. In an agent setting, this can normalize oversharing of intimate background data and lead to unnecessary retention, downstream reuse, or exposure of sensitive user attributes.

Missing User Warnings

Medium
Confidence: 92%
Finding
The skill instructs the agent to solicit sensitive family and personal background details such as parental relationship status, occupations, caregiving history, family finances, and education/work state, but provides no privacy notice, minimization guidance, retention limits, or consent language. In an agent setting, this can lead to unnecessary collection of intimate personal data and increased privacy harm if logs, prompts, or outputs are retained or shared.

Missing User Warnings

Medium
Confidence: 89%
Finding
The skill directs creation of a local text report containing sensitive personal profiling and inferred traits without any warning about storage, file location exposure, access controls, or retention. Persisting intimate analysis to disk can create long-lived sensitive artifacts that other local users, backups, sync tools, or malware may access.

Missing User Warnings

Medium
Confidence: 96%
Finding
The file explicitly instructs the agent to immediately ask for highly sensitive family-background details such as divorce status, parental absence, caregiver history, work, and location, but provides no consent prompt, sensitivity warning, minimization guidance, or privacy framing. In a fortune-telling skill, users may be emotionally vulnerable and may disclose intimate third-party information about relatives without understanding the sensitivity or necessity of the collection.

Missing User Warnings

Medium
Confidence: 94%
Finding
The content makes strong deterministic inferences about divorce, parental absence, remarriage, death-like absence, conflict, and controlling behavior from astrological signals, presenting them as actionable interpretations rather than clearly speculative statements. This creates a risk of psychological harm, manipulation, and false beliefs about sensitive family relationships, especially because the surrounding skill is designed to personalize and reinforce these claims through follow-up questioning.

Ssd 3

Medium
Confidence: 94%
Finding
This workflow explicitly instructs the agent to elicit intimate family and background details such as parents' relationship, parental roles, family finances, and current life status, then use them to shape the output. Even if the use case is non-malicious fortune analysis, the skill encourages collection of highly sensitive data that is not technically required for safe operation and could expose users to privacy harms or profiling.

Ssd 3

Medium
Confidence: 95%
Finding
The manual workflow tells operators to confirm multiple sensitive facts before producing a report, effectively operationalizing collection of family status, parental employment/location, caregiving history, economic background, and present life stage. This creates a repeatable pattern of sensitive-data gathering without safeguards, increasing the chance of unnecessary collection, social engineering risk, and privacy leakage.

Ssd 3

Medium
Confidence: 93%
Finding
The English instructions replicate the same behavior, directing the agent to ask for sensitive family and personal-status information and incorporate it into the analysis. Because this is framed as normal skill behavior for AI agents, it broadens the risk across English-speaking users and increases the likelihood of routine collection of personal data without adequate warning.

Ssd 3

Medium
Confidence: 96%
Finding
The developer workflow explicitly sequences sensitive fact collection and incorporation into the final report, making the privacy-invasive behavior part of the intended implementation. This is more dangerous in context because the skill also instructs output to a text file, creating a pathway for persistent storage of sensitive inferences and user disclosures.

VirusTotal

65/65 vendors flagged this skill as clean.
