Task Prism

Security checks across malware telemetry and agentic risk

Overview

This is a project-planning skill made of documentation and templates, with no executable code or hidden data access.

Installers should expect this skill to activate for many project-planning or task-breakdown prompts. If that feels too broad for your workspace, narrow its trigger description or require explicit project-planning intent before use.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 93% confidence
Finding: The README advertises very broad natural-language triggers such as 'Help me break down the tasks for this project' and 'Make a project plan,' which are common everyday requests that can easily overlap with unrelated user intent. In an agentic environment, this increases the risk of accidental invocation or over-triggering, causing the wrong skill to activate, consume context, and shape outputs in ways the user did not intend.

Vague Triggers

Medium

Confidence: 94% confidence
Finding: The skill description includes very broad trigger phrases such as 'help me break down tasks', 'make a project plan', and 'how to divide work', plus expansive applicability across nearly any industry. This can cause unintended invocation during ordinary conversation, routing users into this skill when they did not explicitly request structured project-planning behavior and potentially overriding more appropriate domain-specific handling.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal