Aria — Google Business Profile Agent

Security checks across malware telemetry and agentic risk

Overview

This is a plain Markdown identity template that changes an agent’s workspace instructions, with some broad but visible local memory behavior.

Install this only if you want Aria to replace the workspace’s identity and operating rules. Back up existing SOUL.md, IDENTITY.md, AGENTS.md, and BOOTSTRAP.md first, avoid storing secrets in MEMORY.md or memory notes, and restrict calendar, Google Business Profile, or posting tools if those should require explicit approval.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Severity: Medium
Confidence: 88%
Finding
The instruction 'Don't ask permission. Just do it.' weakens user-consent boundaries by broadly authorizing autonomous reads at session start. In an agent identity/workspace bootstrap file, this can normalize non-consensual access to contextual and memory files and may cause the agent to act before confirming the current interaction context is appropriate.

Natural-Language Policy Violations

Severity: Low
Confidence: 82%
Finding
The heartbeat section mandates a fixed response token ('HEARTBEAT_OK') when no action is needed, which constrains agent output without explicit user opt-in. While low severity, forced protocol phrases can interfere with higher-priority instructions, create brittle behavior across integrations, and be abused to suppress more informative or safety-relevant responses.

VirusTotal

65/65 vendors flagged this skill as clean.
