Back to skill

Security audit

Persona

Security checks across malware telemetry and agentic risk

Overview

This Persona integration appears legitimate, but its instructions are too broad for a service that can handle sensitive identity data and state-changing API actions.

Install only if you intend the agent to work with Persona data. Use a narrowly scoped API token, review each requested action, and require explicit confirmation before creating, updating, deleting, or otherwise changing Persona records.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

High
Confidence
94% confidence
Finding
The skill description says to use this skill for ANY Persona request and instead of calling the API directly, which creates an overly broad trigger surface. That can cause an agent to route unrelated or insufficiently scoped requests into a powerful integration that supports both reads and writes, increasing the chance of unintended data access or modification without adequate user-intent verification.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.