Back to skill

Security audit

What Did You Do

Security checks across malware telemetry and agentic risk

Overview

This skill clearly tells the agent to summarize its recent actions for the user and does not install code, contact outside services, or request credentials.

Install this only if you want users of the session to be able to ask for a summary of recent agent activity. Avoid using it immediately after highly sensitive work unless you are comfortable relying on instruction-based redaction, since it can still disclose tool names, file paths, and operational context.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
94% confidence
Finding
The skill's read_when triggers are broad enough to activate on common conversational phrases like asking what the agent did or requesting a log. That can cause the skill to expose a reconstructed summary of recent tool usage in situations where the user did not explicitly intend to invoke this capability, increasing the chance of unintended disclosure of operational metadata, filenames, commands, or decision summaries from the current session.

Vague Triggers

Medium
Confidence
93% confidence
Finding
The evals define broad natural-language triggers such as "What have you been doing?" and "Can you show me what actions you took?", which are common conversational phrases and can cause the skill to activate unintentionally. Because this skill exposes recent tool calls and actions, accidental invocation could disclose internal agent activity, file targets, or decision history to a user who did not explicitly request the command-style skill.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.