Security audit

DaE: Persona Context Injector

Security checks across malware telemetry and agentic risk

Overview

This is a plain-text profiling skill that is purpose-aligned, but users should treat its generated persona profile as sensitive before sharing it with other AI tools.

Install only if you want to create a detailed reusable personal profile for AI collaboration. Before pasting its JSON or profile text into another agent or service, review it, remove sensitive details you do not need to share, and consider that destination tool's privacy and retention practices.

SkillSpector

By NVIDIA
Vulnerability Patterns checked
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Description-Behavior Mismatch

Severity: Low
Confidence: 93%
Finding
The prompt explicitly tells the agent to instruct users to paste the generated persona JSON into a downstream advisor or other agent. Because this profile is built by probing background, constraints, weaknesses, lessons, and tensions, it is likely to contain sensitive personal data; encouraging propagation to other systems without any minimization or warning increases privacy and secondary-use risk.

Missing User Warnings

Severity: Medium
Confidence: 89%
Finding
The skill is designed to create a reusable persona profile for downstream AI systems, but it does not clearly warn users that the output may aggregate sensitive personal information into a portable artifact. In this context, the absence of privacy and sharing guidance is security-relevant because the skill systematically elicits personal details and packages them for reuse.

Missing User Warnings

Severity: Medium
Confidence: 96%
Finding
The prompt directly instructs users to paste the JSON into another agent, but gives no warning to review, redact, or limit sensitive data first. That is dangerous here because the skill’s entire purpose is deep persona elicitation, so the exported JSON may include intimate traits, constraints, weaknesses, and other high-sensitivity context that users may overshare unintentionally.

VirusTotal

64/64 vendors reported this skill as clean.

Static analysis

No suspicious patterns detected.