Back to skill

Security audit

ADHD

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed performance-art mode, but it asks the agent to override other skills and perform unrelated searches or file reads, so users should review it carefully before installing.

Install only if you intentionally want a novelty mode that may make the agent less reliable. Do not use it for serious coding, private files, research, business workflows, or any session where unrelated browsing or file access would be inappropriate.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Context-Inappropriate Capability

High
Confidence
98% confidence
Finding
The skill explicitly states that its behavior rules should override other skills' instructions, which attempts to elevate itself above other controls and broadens its influence beyond the narrow purpose of a roleplay or interaction style. In a multi-skill or policy-constrained agent, this can suppress safer task-specific behaviors and cause the agent to ignore more appropriate instructions during tool use or sensitive workflows.

Context-Inappropriate Capability

High
Confidence
97% confidence
Finding
The skill instructs the agent to perform unrelated searches, browse irrelevant content, and open unrelated files opportunistically as part of the mode's behavior. That creates unjustified data access and external browsing side effects unrelated to user intent, increasing the risk of privacy violations, context leakage, and wasteful or unsafe tool activity.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill directs the agent to actually use search and file/web access for tangential topics without warning the user that enabling the mode may trigger unrelated tool actions. This undermines user expectations and informed consent, especially where browsing, file access, or telemetry may expose sensitive information or incur costs.

Ssd 1

High
Confidence
99% confidence
Finding
The instruction that this skill's rules should supersede other invoked skills is a direct attempt at semantic privilege escalation within the prompt hierarchy. Even if framed as behavior art, it can weaken existing safeguards and cause downstream skills or controls to be ignored in situations where reliability and compliance matter.

Ssd 4

Medium
Confidence
92% confidence
Finding
The skill normalizes deliberate derailment of task execution by encouraging distraction, incomplete work, and opportunistic deviation from user goals. While framed as a stylistic or artistic effect, this degrades compliance and predictability, making the agent more likely to mishandle tasks and tool usage in ways the user did not request.

Ssd 4

High
Confidence
98% confidence
Finding
This section explicitly instructs the agent to turn momentary thoughts into real searches, webpage visits, or file reads even when unrelated to the user's task. In context, that is more dangerous because the skill's stated purpose is deliberate inefficiency, so the side effect is not accidental but a designed mechanism for unauthorized context expansion and potential data exposure.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.