Back to skill

Security audit

Enfj Coach

Security checks across malware telemetry and agentic risk

Overview

This is a non-executable coaching skill, but its ENFJ/INTP mismatch and under-scoped saving of personal coaching notes warrant careful review before use.

Install only if you are comfortable reviewing and correcting its mixed ENFJ/INTP materials and disabling or tightly controlling memory use. Before using it with personal reflections, tell the agent not to save session details unless you explicitly approve, and prefer a corrected version with consistent ENFJ content plus clear review and deletion controls.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (19)

Description-Behavior Mismatch

High
Confidence
99% confidence
Finding
The README documents an INTP coaching skill while the manifest metadata declares an ENFJ-specific skill. This mismatch can cause the wrong skill to be invoked, mislead reviewers and users about the skill's purpose, and result in behavior outside the declared scope, which is a real integrity and safety issue for prompt-routed agent systems.

Intent-Code Divergence

High
Confidence
98% confidence
Finding
The documentation repeatedly describes 'INTP Coach' behavior that contradicts the manifest-declared ENFJ intent. In a skill ecosystem, contradictory identity and routing cues increase the chance of misclassification, accidental activation for the wrong user population, and unsafe or irrelevant coaching responses.

Description-Behavior Mismatch

Medium
Confidence
94% confidence
Finding
The manifest says the skill should only trigger when the user explicitly identifies as ENFJ and wants growth/career/study guidance, but the body expands operation to vague emotional conversations and non-ENFJ users. This creates scope drift that can cause the agent to engage in unintended contexts, increasing the chance of unsolicited advice, misrouting, and bypass of higher-level routing safeguards.

Description-Behavior Mismatch

Medium
Confidence
97% confidence
Finding
The skill advertises a persistent 'growth record' capability that is not disclosed in the manifest's narrow coaching description. Undeclared memory-like behavior is dangerous because it changes the data handling model from ephemeral coaching to profile accumulation, which can surprise users and systems that only approved a simple coaching skill.

Description-Behavior Mismatch

Medium
Confidence
98% confidence
Finding
This section operationalizes storage of user problems, interests, actions, and insights beyond the stated coaching scope. Such expansion materially increases privacy and compliance risk because the skill is no longer just giving advice in-session; it is building a longitudinal user dossier.

Description-Behavior Mismatch

Medium
Confidence
97% confidence
Finding
The end-of-conversation flow mandates archiving user information after every session, which exceeds the manifest's described behavior and creates implicit data retention. Mandatory retention without explicit scoping or consent can lead to unauthorized persistence of sensitive personal reflections and behavioral history.

Intent-Code Divergence

Medium
Confidence
98% confidence
Finding
The reference file materially contradicts the skill's stated ENFJ purpose by describing traits and function dynamics that align with a different MBTI profile, and it even references another skill path. In a coaching skill, this can systematically misclassify the user, produce inappropriate advice, and erode trust; while not a direct code-execution issue, it is a real integrity and safety problem because users may act on incorrect personal guidance.

Description-Behavior Mismatch

High
Confidence
97% confidence
Finding
The reference file is entirely scoped to INTP coaching while the skill metadata declares ENFJ-only activation and use. This creates a scope-integrity failure: if the skill retrieves or conditions on this file, users may receive personality guidance for the wrong type, causing misleading advice and bypassing the declared operating boundary.

Context-Inappropriate Capability

Medium
Confidence
92% confidence
Finding
The later sections operationalize an 'INTP Coach' strategy, giving the skill actionable capability outside its declared ENFJ scope. This is dangerous because the agent may silently coach non-target users or apply INTP frameworks to ENFJ users, undermining trust, safety review assumptions, and policy gating based on the manifest.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The README says behavior is 'automatically recognized' and that growth recording is 'automatically executed' without clear boundaries or gating conditions. Ambiguous auto-trigger and auto-execution semantics can lead to unintended invocation or silent state changes, which is risky in a coaching skill that may handle sensitive personal disclosures.

Missing User Warnings

High
Confidence
97% confidence
Finding
The skill claims it will save conversations and action records, but provides no notice about what data is stored, for how long, who can access it, or how consent is obtained. Because coaching conversations may include mental-health-adjacent and highly personal information, undocumented persistence materially increases privacy and compliance risk.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The skill says it will save and reuse user profile or conversation data but provides no clear privacy notice, retention disclosure, or consent step. In a coaching context, this is especially risky because users may share emotional state, career uncertainty, habits, and other sensitive personal details under the assumption of ephemeral support.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The workflow instructs the agent to record key insights into a user profile without warning the user that personal data may be retained. Silent profiling in a self-improvement or coaching skill can capture intimate patterns and inferred traits, making the privacy risk more serious than ordinary note-taking.

Missing User Warnings

Medium
Confidence
99% confidence
Finding
The 'growth record' section enumerates collection of core problems, interests, action history, and behavioral patterns without a clear user disclosure of privacy consequences. This is dangerous because it turns sensitive coaching conversations into structured profiling data that could be reused across sessions without informed consent.

Ssd 3

Medium
Confidence
98% confidence
Finding
The skill directs retention and reuse of user-provided conversation details across sessions in a persistent profile/archive. Cross-session memory of coaching content is sensitive because it enables cumulative profiling of emotional, behavioral, and career-related information beyond what a user may expect from a simple guidance skill.

Ssd 3

Medium
Confidence
98% confidence
Finding
The core workflow instructs storing user insights and behavioral history for future sessions, effectively creating a longitudinal profile. This increases the blast radius of any misuse or breach and can influence future conversations based on potentially sensitive inferred traits.

Ssd 3

Medium
Confidence
99% confidence
Finding
The defined 'growth record' stores problems, interests, actions, and key insights for later recall, which is persistent sensitive-data retention. In a personal coaching setting, these categories can reveal mental state, vulnerabilities, goals, and behavioral tendencies, making unauthorized retention materially risky.

Ssd 3

Medium
Confidence
97% confidence
Finding
The 'must follow' guidance requires recording a user profile as part of normal operation, making sensitive retention mandatory rather than optional. Mandatory profiling is dangerous because it normalizes collection of personal data even when not required to answer the current request.

Ssd 3

Medium
Confidence
99% confidence
Finding
The session termination flow instructs archiving summaries, insights, plans, and later outcomes for future recall. This is dangerous because it creates a durable record of sensitive self-improvement conversations and behavioral follow-up without clear consent, magnifying privacy harm if accessed improperly or used unexpectedly.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.