Back to skill

Security audit

Entj Coach

Security checks across malware telemetry and agentic risk

Overview

This non-executable coaching skill appears non-malicious, but its ENTJ/INTP identity mismatch and default personal-growth recordkeeping need review before installation.

Review this skill before installing. It may be useful as a conversational coach, but first confirm whether you want an ENTJ or INTP coach, and explicitly tell the agent not to save or reuse personal details unless you consent. Avoid sharing sensitive mental health, workplace, or relationship information unless you are comfortable with the platform’s memory and deletion controls.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (18)

Intent-Code Divergence

High
Confidence
99% confidence
Finding
The README describes an INTP coaching skill while the manifest declares an ENTJ-specific skill, creating a material mismatch between documented behavior and declared scope. This can cause the agent to activate in unintended contexts, deliver persona-inappropriate advice, and bypass operator expectations about what the skill does.

Description-Behavior Mismatch

High
Confidence
98% confidence
Finding
The documented target audience is INTP users, not the ENTJ-only audience stated in the metadata, so the skill's operational scope is inconsistent. In a routing system, this kind of mismatch can lead to incorrect invocation, misleading advice, and weakened safety controls that rely on accurate skill boundaries.

Description-Behavior Mismatch

Medium
Confidence
91% confidence
Finding
The manifest metadata materially conflicts with the stated purpose of the skill: the skill is described as ENTJ-focused, but the description, keywords, and tags indicate an INTP-oriented coaching skill. This kind of identity mismatch can cause the wrong skill to trigger, misroute sensitive user disclosures, and obscure what prompts or behavior the agent will actually apply, which is a supply-chain integrity issue even without executable code.

Description-Behavior Mismatch

Low
Confidence
83% confidence
Finding
The repository URL appears unrelated to the declared coaching skill, which weakens provenance and makes it harder to verify the source, maintenance history, and legitimacy of the package. In an agent-skill ecosystem, mismatched provenance increases the risk of users or reviewers trusting a package whose code/content originates from an unexpected or misleading source.

Intent-Code Divergence

High
Confidence
98% confidence
Finding
The reference file claims to support an ENTJ coaching skill, but the listed cognitive stack and downstream analysis describe a different MBTI profile. In a coaching context, this can systematically produce incorrect advice, misclassification of user needs, and unsafe or misleading guidance because the model is being primed with contradictory background material.

Intent-Code Divergence

Medium
Confidence
95% confidence
Finding
The document metadata identifies a different skill/path (`intp-coach/...`) than the file being analyzed, which indicates copy/paste contamination or packaging confusion. This increases the chance that the wrong reference material is loaded, maintained, or trusted, leading to persistent misbehavior and making future security/content reviews less reliable.

Description-Behavior Mismatch

High
Confidence
98% confidence
Finding
The reference file is entirely scoped to INTP coaching while the skill metadata declares ENTJ-only activation and guidance. This mismatch can cause the agent to deliver personality-specific advice to the wrong user segment, undermining skill boundaries and making behavior unpredictable; in agent systems, scope drift like this is a genuine integrity issue even if it is not traditional code execution.

Intent-Code Divergence

Medium
Confidence
95% confidence
Finding
The file explicitly labels itself as 'INTP Coach' reference material near the end, directly contradicting the declared ENTJ purpose of the skill. This kind of internal contradiction increases the chance that downstream prompts, maintainers, or retrieval systems will trust the wrong behavioral template, producing incorrect or unsafe coaching advice for users who expected ENTJ-targeted guidance.

Vague Triggers

Medium
Confidence
86% confidence
Finding
Describing core behaviors as 'automatic recognition' without precise trigger and exclusion rules leaves activation ambiguous. Ambiguous activation increases the chance of the skill engaging outside intended contexts, especially here where the README already conflicts with the manifest about who the skill is for.

Vague Triggers

Medium
Confidence
91% confidence
Finding
Marking the growth-record feature as 'automatic execution' without scope or consent boundaries implies stateful behavior may occur without clear user intent. For a coaching skill handling personal reflections and action plans, silent persistence can create privacy, compliance, and trust risks.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The README says conversation and action history are automatically saved but does not provide a clear warning about retention, access, or privacy consequences. Because this skill collects sensitive self-reflection and behavioral data, undocumented storage can expose users to privacy harm if accessed, retained too long, or reused unexpectedly.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill states that it will save conversation history and action records for future use without clearly telling the user what is retained, for how long, or obtaining explicit consent. Because this skill handles personal growth, career uncertainty, emotions, and behavioral patterns, silent retention can create privacy harm and unexpected profiling of sensitive personal content.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
This section instructs the agent to record detailed profile elements such as core problems, interests, actions, and insights into a standing record, but does not provide a clear warning or consent flow. In a coaching context, these details can reveal mental state, work struggles, habits, and inferred traits, making undisclosed retention a meaningful privacy risk.

Ssd 3

Medium
Confidence
94% confidence
Finding
The skill encourages persistent logging and later reuse of personal conversation content without defining minimization boundaries. Even absent malicious intent, unrestricted profile building increases the risk of over-collection, secondary use, and exposure of sensitive self-disclosures beyond what the user reasonably expects from a single coaching chat.

Ssd 3

Medium
Confidence
95% confidence
Finding
The workflow repeatedly instructs the assistant to capture user insights, interests, and behavior history for later use, effectively creating a persistent dossier. In a personal coaching setting, this can accumulate sensitive patterns over time and amplify harm if the profile is misused, leaked, or accessed out of context.

Ssd 3

Medium
Confidence
97% confidence
Finding
The growth-record design directs collection of user problems, interests, actions, and inferred recurring patterns in a long-lived profile. That kind of structured profiling can expose intimate career, emotional, and behavioral information, and the lack of minimization/consent makes it dangerous from a privacy and trust perspective.

Ssd 3

Medium
Confidence
95% confidence
Finding
Marking profile recording as a mandatory instruction normalizes retention of personal data across all interactions, regardless of sensitivity or user preference. This increases privacy risk because users discussing confusion, motivation, or emotional struggles may be unknowingly funneled into persistent profiling.

Ssd 3

Medium
Confidence
96% confidence
Finding
The closing workflow instructs archiving user issues, insights, plans, and later execution results for future recall, again without clear disclosure, limits, or user control. This extends retention across sessions and can create an unexpectedly detailed behavioral history from what appears to be a lightweight coaching interaction.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.