plan-as-consultant

Security checks across malware telemetry and agentic risk

Overview

This is a text-only planning skill for business research, with no code execution, credentials, persistence, or hidden data access.

Reasonable to install as a business research planning aid. Review its framework recommendations for fit before acting on them, and avoid giving it confidential strategy, customer, or market data unless you are comfortable sharing that context with your agent.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 93% confidence
Finding: The trigger description is broad enough to activate on common requests such as general help structuring a question, understanding users, or deciding what framework to use, which increases the chance this skill is invoked outside its narrowly intended scope. Over-broad activation can cause inappropriate routing, unintended disclosure of contextual business information to the skill, and interference with safer or more relevant skills.

VirusTotal

57/57 vendors flagged this skill as clean.

View on VirusTotal