Personal Branding & Authority Building

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only personal branding guide with no code execution, account access, data collection, or posting automation.

Safe to install as a branding playbook. Because it is marked always-on, users should be aware it may influence loosely related branding or career-writing conversations; review any public posts manually, especially for regulated industries, legal claims, company metrics, customer references, or employer approval requirements.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 92% confidence
Finding: The README uses very broad invocation phrases such as 'Help me define my personal brand positioning' and states Claude will 'automatically' use the skill, but it does not define clear activation boundaries or exclusions. This can cause the skill to be pulled into loosely related conversations, increasing prompt-scope confusion and the chance that branding-oriented guidance overrides user intent or contaminates unrelated tasks.

Vague Triggers

High

Confidence: 97% confidence
Finding: The manifest sets the skill to always run via metadata, which can cause it to activate in unrelated conversations without user intent or trigger scoping. Overbroad activation increases the chance that the skill injects guidance where it is irrelevant, creates prompt-surface expansion, and may override more appropriate domain-specific behavior.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal