Back to skill

Security audit

Ai Startup CEO Evaluator

Security checks across malware telemetry and agentic risk

Overview

This is a plain-text advisory skill for evaluating AI startup offers, with no code, persistence, credentials, or hidden data access, though one heuristic relies on questionable educational-pedigree assumptions.

Before installing, treat this as opinionated career advice rather than an objective assessment tool. Its operational startup checklist may be useful, but avoid relying on the school-prestige heuristic; prefer evidence such as customer access, domain expertise, prior execution, funding/runway, mentorship quality, and concrete distribution channels.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
91% confidence
Finding
The activation criteria are broad enough to trigger on generic startup or workplace questions, which can cause the skill to activate outside its intended scope. Over-broad routing is dangerous because it can inject this skill's strong opinions and heuristics into unrelated conversations, increasing the chance of misguidance or policy drift.

Natural-Language Policy Violations

High
Confidence
97% confidence
Finding
The line about 'better schools' and 'no-name backgrounds' encodes biased, disparaging guidance based on educational pedigree and background rather than job-relevant evidence. This is dangerous because it can produce discriminatory evaluations, unfairly penalize founders from non-elite backgrounds, and cause the agent to reinforce harmful stereotypes in consequential career decisions.

VirusTotal

56/56 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.