Back to skill

Security audit

Jackyshen Agile Coach

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only agile coaching prompt toolkit with no executable code or data access, though its trigger wording is broader than necessary.

Install this if you want agile coaching prompt templates. Be aware it may activate on generic product or business terms, so users may need to redirect the agent when the task is not actually about agile work; also, the skill references a prompt-library file that is not included in this version, which may limit usefulness.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

High
Confidence
94% confidence
Finding
The activation scope is extremely broad and includes many common workplace and product-discussion terms such as 'risk', 'decision-making', 'persona', and 'pattern recognition', plus mandatory language ('MUST be activated') that can force invocation in loosely related contexts. This can cause unintended routing, prompt injection surface expansion, and context hijacking where the assistant applies this skill when the user did not request agile-coaching behavior.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.