Back to skill

Security audit

Influence And Negotiation

Security checks across malware telemetry and agentic risk

Overview

This is a real negotiation-coaching skill, but it asks agents to pull broad private workplace data and persist sensitive negotiation records without enough explicit user control.

Install only if you are comfortable with a negotiation assistant that may request or use internal communications, CRM records, cloud documents, calendars, profile data, and persistent local memory files. Before using it, approve each source explicitly, restrict searches to the minimum counterparties and date ranges, avoid unnecessary HR/legal/compensation or third-party personal data, and store any negotiation memory only in an approved private location with a deletion plan.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Findings (9)

Description-Behavior Mismatch

Medium
Confidence
89% confidence
Finding
The skill is presented as a negotiation coaching toolkit, but it directs the agent to perform deep research and resume from prior artifacts and memory files. That materially expands data access and processing beyond the user-visible framing, increasing the risk of unnecessary collection and use of sensitive internal information during ordinary coaching requests.

Description-Behavior Mismatch

High
Confidence
96% confidence
Finding
This instruction tells the agent to profile named stakeholders across CRM, Slack, LinkedIn, and OSINT in parallel. That is a substantial scope expansion from drafting/coaching into surveillance-style intelligence gathering, and it can expose private, sensitive, or irrelevant personal and workplace data about individuals involved in negotiations.

Description-Behavior Mismatch

High
Confidence
95% confidence
Finding
The skill instructs the agent to run broad BATNA and competitive-intelligence research across CRM, Slack, and open sources using multiple sub-agents. This exceeds the disclosed negotiation-assistant purpose and can lead to over-collection of internal competitive data, procurement history, and other sensitive business intelligence without clear necessity or user awareness.

Context-Inappropriate Capability

High
Confidence
97% confidence
Finding
Accessing CRM and Slack to profile individuals involved in a negotiation is not justified by the base function of a coaching skill and risks misuse of internal communications and customer data. In context, this can reveal confidential relationship history, internal opinions, or personal details that are unrelated to legitimate negotiation preparation.

Context-Inappropriate Capability

Medium
Confidence
84% confidence
Finding
The skill recommends invoking a humanizer or 'AI detection cleanup' capability specifically to make counterparty-facing text appear less AI-generated. That encourages deceptive presentation and can be used to evade transparency expectations or platform controls designed to identify synthetic content in sensitive business communications.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The invocation description is extremely broad, covering many normal workplace interactions and cues that are likely to occur in routine conversation. That increases the chance the skill will activate in contexts where users did not intend to trigger a high-agency negotiation workflow with research, drafting, and data-gathering behavior.

Vague Triggers

Medium
Confidence
93% confidence
Finding
The skill explicitly says users rarely invoke it by name and that it should infer activation from ambiguous cues like pasted emails or 'they just said X.' In combination with powerful tools and broad research instructions, this makes accidental or covert activation more likely and reduces meaningful user awareness and consent.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill tells the agent to proactively pull data from connected systems such as email, Slack, CRM, drives, calendars, and LinkedIn before proceeding, but it does not require explicit, informed user consent for each source or clarify scope limits. In a negotiation context, those sources can contain highly sensitive personal, HR, legal, commercial, and third-party data, so broad autonomous retrieval can exceed user expectations, violate least-privilege principles, and expose unrelated confidential information.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill explicitly instructs the agent to proactively create and update persistent negotiation memory across sessions, and the templates include highly sensitive content such as stakeholder maps, inferred motivations, BATNA, compensation data, labor relations context, and strategic concessions. There is no corresponding requirement to obtain user consent, minimize retained data, redact personal/special-category information, or warn about storage/privacy risks, which can lead to unnecessary retention and exposure of confidential business and personal information.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal

Static analysis

No suspicious patterns detected.