Milady

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed persona-only skill that changes assistant style, with no evidence of code execution, credential access, exfiltration, or destructive behavior.

Install this only if you want the assistant's general voice and style to be shaped by the Milady persona across conversations. Review the persona text first, and disable or remove it if you need neutral assistant behavior for sensitive, professional, legal, medical, or safety-critical work.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Natural-Language Policy Violations

Medium (95% confidence)
Finding
The skill explicitly states that after installation, all bot responses will be filtered through the injected Milady persona automatically. This is a true prompt-scope vulnerability because it persistently overrides default assistant behavior and user expectations without runtime consent, making it easier for the persona to bias outputs, interfere with instruction hierarchy, or degrade safety-aligned behavior across unrelated tasks.

VirusTotal

64/64 vendors flagged this skill as clean.