Boss Report

Security checks across malware telemetry and agentic risk

Overview

This reporting skill needs review because it appears to gather broad local work history and store manager-facing summaries without clear consent or retention limits.

Install only if you intentionally want an agent to inspect local work history and create persistent report summaries. Before use, confirm which sources it may read, exclude secrets and private transcripts unless explicitly needed, review the report before sharing it, and avoid long-term memory writes for sensitive work unless you have a retention policy.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Medium
Confidence: 92%
Finding
The trigger list includes very generic workplace phrases like 'work summary', 'daily report', and 'weekly report', which can plausibly appear in normal conversation and cause unintended activation. In this skill, accidental activation is more concerning because the workflow then instructs the agent to read local sessions, memory files, git history, and system state, potentially exposing sensitive data without a clearly intentional user request.

Missing User Warnings

High
Confidence: 96%
Finding
The description markets the skill as a reporting helper but does not clearly disclose that it inspects sensitive local sources such as session transcripts, memory logs, git activity, Docker state, cron history, and file changes, then writes persistent reports. That omission undermines informed consent and can lead users to invoke the skill without realizing it performs broad data collection and retention.

Ssd 3

Medium
Confidence: 97%
Finding
The workflow explicitly directs collection from sensitive sources and creation of a boss-facing summary, which creates a clear risk of confidential information disclosure, including private session content, memory notes, repository history, operational details, and file activity. The context makes this more dangerous because the target output is a managerial report, encouraging broad aggregation and retransmission of data that may exceed the user's intent or authorization to share.

Ssd 3

Medium
Confidence: 94%
Finding
The instructions to append reports into daily, weekly, monthly, and long-term memory files encourage persistent retention of potentially sensitive work activity and 'significant events' without any classification, retention limits, or sensitivity checks. Even if the immediate report is acceptable, storing derived summaries long-term increases exposure, discoverability, and secondary misuse risk over time.

VirusTotal

66/66 vendors flagged this skill as clean.
