Context Hygiene

Security checks across malware telemetry and agentic risk

Overview

This is a small instruction-only skill for keeping agent memory files concise; its pruning behavior is disclosed and aligned with that purpose.

Install this only if you want agents to actively maintain and shrink persistent context files. Review deletions before removing anything user-authored, audit-relevant, or not clearly temporary. Replace the timezone example with your real timezone, and add the AGENTS.md startup instruction only if you want this protocol to persist across sessions.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill explicitly instructs agents to 'delete the exploration' and to avoid keeping prior reasoning artifacts, but it does not require confirmation, backups, or a distinction between ephemeral notes and valuable workspace records. In an agent setting, this can lead to unintended data loss, destruction of audit trails, or deletion of user-authored material under the banner of 'context hygiene,' especially because the skill is broadly applicable and encourages routine pruning.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal