Prompt Cache

Security checks across malware telemetry and agentic risk

Overview

The skill appears to be a purpose-aligned caching/database guidance skill, with a privacy caveat around example fields that may contain personal data.

Safe to install with normal caution. Avoid putting raw child names or other personal identifiers directly in cache keys or records; use opaque IDs, hashes, retention limits, and access controls for any database used by the skill.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence: 91%
Finding
The skill explicitly uses cache keys and schema fields containing personal data such as child_name and language, but it provides no warning about storing or retaining that information. This can lead users to persist sensitive or regulated personal data without considering minimization, consent, retention, or access controls, especially because the skill presents the cache as a generic reusable pattern across backends.

VirusTotal

66/66 vendors flagged this skill as clean.
