Security audit

Ceo Assistant

Security checks across malware telemetry and agentic risk

Overview

This is a broad instruction-only executive planning assistant, with no code or hidden data access, though its generic trigger words may activate it more often than intended.

Install this if you want a broad planning and executive-assistant style to shape planning, review, strategy, and decision conversations. Keep confirmations enabled for actions involving money, accounts, public communications, staff, or external systems, and consider narrowing the trigger wording if you only want it used for explicit CEO or strategy work.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 97% confidence
Finding: The trigger keywords include very common terms such as "plan," "review," "goal," "project," and "decision," which are likely to appear in ordinary user conversations. This can cause unintended activation of the skill, leading it to override or steer general interactions into its prescribed workflow when the user did not explicitly request this executive-planning behavior.

VirusTotal

60/60 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.