Security audit

Infj Coach

Security checks across malware telemetry and agentic risk

Overview

This looks like a coaching skill rather than malware, but it needs Review because it mixes INFJ and INTP scope and asks to retain sensitive coaching records without clear user controls.

Review before installing. The main risks are not malware-like behavior; they are unclear targeting and privacy boundaries. Ask the publisher to make the package consistently INFJ or INTP, narrow the trigger rules, and make any saved coaching memory explicit, opt-in, reviewable, and deletable.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (15)

Description-Behavior Mismatch

High

Confidence: 98% confidence
Finding: The README describes an INTP coaching skill while the manifest metadata says this is an INFJ coaching skill. This mismatch can cause the agent to activate under the wrong assumptions, deliver mis-scoped guidance, and bypass user/administrator expectations about when the skill should run. In a personality-targeted coaching skill, identity and trigger scope are core safety boundaries, so inconsistent documentation materially increases the risk of misrouting and misuse.

Description-Behavior Mismatch

Medium

Confidence: 93% confidence
Finding: The documented examples include generic phrases such as analysis paralysis and focus problems without preserving the manifest's INFJ-only precondition. That broadens the apparent activation surface to ordinary self-help conversations, which can cause unintended triggering and delivery of personality-specific coaching to users who did not opt into it. The coaching context makes this more sensitive because users may treat the responses as personalized psychological guidance.

Description-Behavior Mismatch

Medium

Confidence: 93% confidence
Finding: The manifest explicitly says the skill should not trigger for vague emotional statements or non-INFJ users, but the body instructs the agent to engage anyway in those scenarios. This mismatch can cause the skill to activate outside its declared scope, leading to unexpected behavior and broader collection of sensitive emotional disclosures than users or operators would expect.

Description-Behavior Mismatch

Medium

Confidence: 95% confidence
Finding: The skill introduces a 'growth record' / user archive capability that goes beyond the manifest's stated coaching function and is not disclosed in the activation description. Hidden persistence is risky because users may reveal sensitive mental-health-adjacent, career, and habit information without realizing it will be retained across sessions.

Description-Behavior Mismatch

High

Confidence: 95% confidence
Finding: The manifest claims this is an INFJ coaching skill, but the metadata keywords/tags describe INTP instead, creating a material identity mismatch. This can misroute users, bypass expected trigger constraints, and conceal unrelated or deceptive behavior behind inconsistent packaging metadata, which is especially risky for user-facing guidance skills.

Description-Behavior Mismatch

High

Confidence: 98% confidence
Finding: The reference file is entirely about INTP coaching while the skill manifest declares an INFJ-focused coaching skill. This scope mismatch can cause the agent to give systematically wrong personality-specific advice, which is especially risky in growth, career, and emotional-guidance contexts because users may rely on tailored coaching that is actually for a different type.

Intent-Code Divergence

High

Confidence: 99% confidence
Finding: The documentation explicitly labels the material as 'INTP Coach', directly contradicting the manifest-declared INFJ purpose. This reinforces that the mismatch is not incidental and increases the chance the runtime behavior will anchor on the wrong persona model, producing misleading or harmful coaching outputs for INFJ users.

Vague Triggers

Medium

Confidence: 88% confidence
Finding: Describing invocation as 'automatic recognition' without concrete boundaries leaves triggering behavior underspecified. That ambiguity can lead to accidental activation in normal chats, unpredictable behavior across implementations, and over-collection of sensitive coaching context when the user did not intend to enter a coaching flow. Because this is a guidance-oriented skill, mistaken activation can shape user decisions inappropriately.

Vague Triggers

Medium

Confidence: 86% confidence
Finding: The sample trigger phrases are close to common conversational language and lack enough contextual constraints. This creates overlap with ordinary discussions about motivation, focus, or confusion, increasing the chance the skill activates for users outside its intended scope. In a coaching skill, false activation is more dangerous than in a generic utility skill because the output may be interpreted as tailored personal advice.

Missing User Warnings

High

Confidence: 97% confidence
Finding: The README states that the skill will save conversations, actions, growth records, and user profiles, but it does not clearly disclose consent, retention, storage location, access controls, or deletion options. This is dangerous because coaching interactions can contain sensitive mental-health-adjacent, career, and personal information, so silent or poorly explained persistence creates privacy and compliance risks. The context makes this more dangerous because users may disclose intimate self-reflections while expecting an ephemeral conversation.

Missing User Warnings

Medium

Confidence: 96% confidence
Finding: The skill says it will save user conversation and action data as a persistent archive, but provides no explicit privacy notice or consent mechanism. Because this is a coaching skill handling personal struggles, goals, and behavior patterns, undisclosed retention materially increases privacy and trust risk.

Missing User Warnings

Medium

Confidence: 97% confidence
Finding: The instructions require recording key insights, action plans, and execution results into a user archive without informing the user or asking permission. This creates a privacy vulnerability because sensitive self-development and possibly mental-health-adjacent information is being normalized for persistence by default.

Missing User Warnings

Medium

Confidence: 98% confidence
Finding: The end-of-conversation flow mandates archiving the user's problem, insights, plans, and results without a warning or consent step. Users are especially unlikely to expect silent storage at session close, making this a meaningful transparency and privacy failure.

Ssd 3

Medium

Confidence: 94% confidence
Finding: Directives to persist detailed user profiles and conversation history create a natural-language data retention risk: future prompts or model behavior may expose previously stored sensitive information. In a coaching context, the retained data can include emotional state, career uncertainty, habits, and other intimate personal details.

Ssd 3

Medium

Confidence: 91% confidence
Finding: The repeated instruction to collect and retain user problems, interests, insights, and action history amounts to broad personal-data accumulation in natural language. This increases the chance of overcollection, unintended reuse, and leakage of highly personal profile information across future interactions.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal