Skill Compounding

Security checks across malware telemetry and agentic risk

Overview

The skill is openly about creating reusable skills, but its broad triggers could cause durable workspace and agent-behavior changes without clear user confirmation.

Install only if you want the agent to help turn repeated work into reusable local skills. Before using it, require the agent to ask for confirmation before creating or registering any skill, and avoid capturing secrets, proprietary workflows, client data, or other sensitive project details.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence: 90%
Finding
The activation conditions are broad enough that the skill could trigger during ordinary problem-solving, documentation, or repeated patterns without clear user consent. In an agent system, this can cause unintended persistence or modification of workflow artifacts, leading to scope creep, noisy skill creation, and possible capture of sensitive project-specific procedures into reusable form.

Vague Triggers

Medium
Confidence: 92%
Finding
The example commands are generic phrases that overlap with normal requests to document work, making accidental activation likely. Because this skill writes durable artifacts and updates indexes, ambiguous invocation can convert casual conversation into state-changing behavior without sufficiently informed intent from the user.

VirusTotal

65/65 vendors flagged this skill as clean.
