Pm Copilot

Security checks across malware telemetry and agentic risk

Overview

This appears to be a project-planning skill: its malware telemetry is clean, and the only findings concern activation scope (when the skill triggers), not evidence of deception or harmful behavior.

Before installing, review when the skill activates and avoid sending confidential roadmaps, customer data, regulated data, or internal planning material to the remote MCP workflow unless you trust that service and its data handling terms.

SkillSpector

By NVIDIA
Vulnerability patterns checked
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Severity: Medium (94% confidence)

Finding: The skill mandates behavior on broad greetings or generic help-seeking messages, which can cause the agent to enter a workflow and present capability-driven prompts without explicit user intent to activate this PM skill. In environments with multiple skills or automatic routing, this increases the chance of unintended skill invocation and premature collection of project information.

Vague Triggers

Severity: Medium (97% confidence)

Finding: The trigger keywords include broad, ambiguous phrases like 'WBS', 'iteration plan', and 'planning proposal' without disambiguation or confirmation requirements. This can cause accidental tool invocation, especially because the skill is connected to a remote MCP service and may initiate multi-step workflows or data exchange based on loosely matched language.
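Both findings describe the same mechanism: a skill router matches trigger phrases against each user message, and loosely matched language pulls the user into a workflow that talks to a remote service. The example below is added here to illustrate that mechanism and the mitigation a reviewer would ask for; it is not code from the skill, from SkillSpector, or from any MCP runtime. The trigger phrases are constructed from the findings above ('WBS', 'iteration plan', 'planning proposal', greetings and help requests), the regexes, the SkillSpec fields and the three sample messages are assumptions, and the "scoped" skill shows one way to require explicit intent and a confirmation step before a remote MCP workflow starts.

```python
"""Trigger-scope check for an agent skill (added example, not the skill's own code).

Two hypothetical skill definitions are compared against the same user messages:
  BROAD  - fires on greetings, 'help', and bare keywords, then calls the remote
           workflow immediately (the behaviour the two findings describe).
  SCOPED - requires an action verb plus the planning artefact in one message, and
           asks the user to confirm before anything is sent to the remote service.
"""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class SkillSpec:
    name: str
    patterns: tuple[str, ...]   # case-insensitive regexes; any hit is a candidate activation
    remote: bool                # True if the workflow sends data off-host (e.g. a remote MCP)
    confirm_before_remote: bool # gate remote workflows behind an explicit user confirmation


# Constructed to mirror the finding: greetings, generic help, and bare keywords all activate.
BROAD = SkillSpec(
    name="pm-copilot-as-reported",
    patterns=(r"\b(hi|hello|hey)\b", r"\bhelp\b", r"\bwbs\b",
              r"\biteration plan\b", r"\bplanning proposal\b"),
    remote=True,
    confirm_before_remote=False,
)

# Hypothetical hardened version: intent verb + artefact, and confirmation before remote use.
ACTION = r"\b(create|draft|build|generate|write)\b"
SCOPED = SkillSpec(
    name="pm-copilot-scoped",
    patterns=(ACTION + r".*\b(wbs|work breakdown structure)\b",
              ACTION + r".*\biteration plan\b",
              ACTION + r".*\bplanning proposal\b"),
    remote=True,
    confirm_before_remote=True,
)


def matches(spec: SkillSpec, message: str) -> list[str]:
    """Return the trigger patterns that match this message."""
    return [p for p in spec.patterns if re.search(p, message, re.IGNORECASE)]


def decide(spec: SkillSpec, message: str) -> str:
    """Routing decision for one message: 'ignore', 'confirm' or 'activate'.

    'confirm' means the skill matched but the agent must obtain explicit user
    consent before entering the (remote) workflow or collecting project data.
    """
    if not matches(spec, message):
        return "ignore"
    if spec.remote and spec.confirm_before_remote:
        return "confirm"
    return "activate"


def audit(spec: SkillSpec, messages: list[str]) -> dict[str, str]:
    """Map each message to the routing decision the spec would make."""
    return {m: decide(spec, m) for m in messages}


# Constructed sample messages: a greeting, a vocabulary question, and a real planning request.
SAMPLE_MESSAGES = [
    "hi! can you help me with something?",
    "what does WBS stand for in a status report?",
    "please draft an iteration plan for the Q3 release",
]


if __name__ == "__main__":
    for spec in (BROAD, SCOPED):
        print(spec.name)
        for msg, verdict in audit(spec, SAMPLE_MESSAGES).items():
            print(f"  {verdict:8s} <- {msg!r}")
```

Run as-is, the broad definition activates on all three messages, including the greeting and the vocabulary question, and would contact the remote workflow without asking; the scoped definition ignores the first two and returns "confirm" for the genuine planning request, which is the gate that keeps confidential roadmaps or customer data from leaving the host on a loosely matched phrase.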

VirusTotal

64/64 vendors reported this skill as clean; no engine flagged it.
