Back to skill

Security audit

Agent Self Evaluation

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed self-review checklist for agent outputs and does not request system access, credentials, persistence, or network activity.

Install this if you want the agent to add structured self-assessments after larger tasks. Expect possible extra output or token use on broad task-completion triggers, but the artifact does not show hidden access, credential use, persistence, or exfiltration behavior.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
94% confidence
Finding
The skill description and documented trigger conditions are broad enough that this self-evaluation step could activate after a wide range of normal task completions. That creates prompt-surface inflation and can cause unnecessary post-processing on unrelated tasks, increasing the chance of instruction interference, wasted tokens, or degraded responsiveness across many conversations.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The user-facing trigger phrase includes ordinary conversational language such as asking the agent to rate itself, which can overlap with common requests and unintentionally invoke the skill. This makes the skill easier to trigger than intended and may lead to unsolicited self-assessment behavior, context diversion, or unexpected formatting/output changes in benign conversations.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.