Back to skill

Security audit

Edith Senso Ingest

Security checks across malware telemetry and agentic risk

Overview

This skill appears to do what it claims, but it can send user text or file contents to Senso.ai and asks users to store an API key without enough confirmation or privacy guidance.

Install only if you deliberately want selected content uploaded to Senso.ai. Use a scoped Senso API key if possible, avoid uploading secrets or regulated/private documents, and ask the agent to confirm the exact text or file before ingestion.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
87% confidence
Finding
The trigger phrases are broad and include common conversational requests like 'store this information' and 'remember this for later,' which can cause the skill to activate when a user did not intend to send content to an external knowledge base. In this skill's context, unintended invocation is more dangerous because activation leads directly to external transmission of potentially sensitive user data.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill instructs sending raw text and file contents to a third-party API but provides no explicit warning, consent flow, or data-classification guidance before upload. This is dangerous because users may unknowingly transmit confidential documents, personal data, or proprietary information outside the local assistant environment.

Ssd 3

Medium
Confidence
96% confidence
Finding
The setup instructs users to tell the assistant their API key and store it in memory/config, which encourages disclosure of a secret through a conversational channel and persistence mechanism that may not be designed as a secure secret store. This increases the risk of credential leakage through logs, memory inspection, prompt exposure, or unintended reuse by other tools or skills.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.