Diagnose Manager Effectiveness

Security checks across malware telemetry and agentic risk

Overview

This instruction-only skill does not run code or contact the network, but it can generate consequential personnel recommendations and save sensitive manager assessments with limited safeguards.

Review before installing if this will be used with real employees. Treat its output as advisory only, require human and HR review before any role or performance action, avoid entering unnecessary personal data, and choose a controlled location for the generated diagnosis file.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Natural-Language Policy Violations

Medium
Confidence: 93%
Finding
The skill instructs the agent to make consequential employment recommendations based on a simplistic binary self-assessment, which can produce unsafe and unjustified personnel actions. In context, this is not classic software exploitation, but it is a genuine harmful-output risk because the agent may present a high-confidence recommendation to remove someone from management without robust evidence or human review.

Missing User Warnings

Low
Confidence: 81%
Finding
The skill instructs the agent to write an output file in the current directory without explicit user-facing notice or confirmation. In an agent context, implicit file creation can cause unintended data persistence, overwrite risks, or placement of sensitive managerial assessments in an insecure location, especially when the working directory is ambiguous.

VirusTotal

63/63 vendors flagged this skill as clean.
