Back to skill

Security audit

Cogito

Security checks across malware telemetry and agentic risk

Overview

Cogito is an instruction-only self-reflection skill with disclosed, user-triggered personalization, but users should be careful about storing sensitive reflections in its profile file.

Install only if you want a probing reflection assistant. Review evolution proposals before approving them, avoid storing intimate or highly sensitive details in the profile, and use the reset trigger if you want to clear personalization. Do not rely on this skill for crisis support or professional mental-health guidance.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Vague Triggers

Medium
Confidence
88% confidence
Finding
The trigger phrase "ponder" is common natural language and can appear in ordinary conversation without a clear intent to activate the skill. Because this skill materially changes assistant behavior into a constrained Socratic mode, accidental activation could derail user requests or suppress normal assistance in situations where the user did not intend it.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
This guidance encourages emotionally probing, adversarial-style reflection ('slight distortion,' exposing contradictions, and forcing depth) without any user-facing safety framing, consent checks, or escalation limits. In a self-reflection skill, that omission can increase risk of distress, shame, rumination, or worsening an unstable emotional state, especially because the document explicitly pushes on blind spots and tension.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The guide explicitly instructs the agent to analyze conversation traces and store adaptations in a persistent profile file, but it does not require a privacy notice, retention limits, or minimization of quoted user content. In a reflective mental-modeling skill, those traces are especially likely to contain sensitive personal beliefs, emotions, and disclosures, so silent persistence increases privacy and secondary-exposure risk.

Ssd 3

Medium
Confidence
95% confidence
Finding
The evolution design normalizes persisting user-derived conversation content into a profile file, creating a durable repository of sensitive behavioral inferences and possibly direct disclosures. Because the skill's purpose is deep introspection, the retained material is likely more sensitive than ordinary chat metadata, making leakage, later misuse, or overbroad reuse materially more dangerous.

Ssd 3

Medium
Confidence
91% confidence
Finding
Requiring the agent to display specific quotes from prior conversations can resurface sensitive statements into the current output, increasing the chance of unintended disclosure to anyone viewing the session or to downstream logs. In this skill context, prior quotes may include highly personal reflections, making replay itself a privacy and confidentiality hazard even without external exfiltration.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.