Security audit

Devils Advocate Suite

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent decision-review aid with simple local helper scripts and no evidence of hidden access, data sharing, persistence, or destructive behavior.

Install this if you want the agent to proactively challenge plans and run small local helpers for risk scoring and TRIZ lookup. Be aware that its trigger wording may activate during broad high-stakes planning discussions, so users who only want explicit invocation may prefer narrower trigger language.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence: 82%
Finding
The skill description says to "make sure to use this skill whenever a decision has dire consequences or shows signs of false consensus," which is broad enough to encourage automatic invocation across many normal planning or strategy conversations. Overly broad activation criteria can cause the agent to over-trigger this skill, biasing responses toward adversarial framing, increasing prompt-surface area, and creating denial-of-intent issues where the skill is used outside the user's explicit request.

VirusTotal

66/66 vendors flagged this skill as clean.
