Personality

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only DISC personality quiz skill with no hidden code, though it may activate broadly and recommends installing follow-on personalization skills.

Use this skill if you want DISC-based communication personalization. Before running the suggested `npx skills add` command, review the specific follow-on skill because it may change how the AI communicates with you in later sessions.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 94% confidence
Finding: The skill description includes very broad trigger phrases such as general personality, communication, meeting prep, and difficult conversation topics, which can cause the skill to activate in many normal conversations where the user did not explicitly request DISC-based profiling. That raises the risk of unsolicited behavioral inference, misclassification, and inappropriate installation guidance being introduced into unrelated contexts.

Vague Triggers

Medium

Confidence: 96% confidence
Finding: The instruction to proactively ask which flow the user needs as soon as the skill is loaded creates an ambiguous activation boundary and encourages unsolicited steering of the conversation. In practice, if the skill is triggered by an overly broad match, it may interrupt unrelated user tasks and begin personality assessment or third-party profiling without clear consent.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal