slow-down

Security checks across malware telemetry and agentic risk

Overview

This is a benign pacing skill that changes the agent's conversation style but does not access files, credentials, networks, or persistent state.

Install this only if you want the agent to slow down and use reflective, relationship-aware prompts. Disable it or explicitly ask for fast transactional help when you do not want that style.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 88% confidence
Finding: The skill description is broadly phrased around common requests like 'slow down' and 'not rush', which can match ordinary user language and cause the skill to activate outside its intended scope. Because the skill changes agent behavior and can inject reflective questioning or pacing constraints, unintended invocation may derail normal task completion and create confusing or manipulative interactions.

Natural-Language Policy Violations

Medium

Confidence: 84% confidence
Finding: The skill mandates a specific interaction style such as asking an exact question, mirroring in a prescribed tone, and withholding explanation, without requiring user consent for that style. In context, this can override user intent, introduce covert behavioral steering, and create a manipulative feel, especially when applied in personal or emotionally charged conversations.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal