social-persona-switcher

Security checks across malware telemetry and agentic risk

Overview

This is a text-only humor skill that rewrites a user’s sentence into exaggerated social personas and does not request code execution, credentials, network access, files, or persistence.

Install this only if you want an entertainment-style rewrite helper that may respond to ordinary sentences with exaggerated persona versions. Review outputs before posting or sending them in sensitive conversations.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

High

Confidence: 95% confidence
Finding: The trigger condition is effectively 'any user sentence' plus several common phrasing examples, making the skill eligible to activate during ordinary conversation without strong user intent. In an agent environment, this can cause unintended persona-transformation behavior, override normal assistant responses, and create confusing or unsafe outputs when the user did not explicitly request the skill.

Natural-Language Policy Violations

Medium

Confidence: 85% confidence
Finding: The skill mandates automatic Chinese/English output selection based solely on input language rather than clear user choice. While not highly severe, forced output behavior can override user expectations, reduce transparency, and make the assistant behave in ways the user did not explicitly request, especially in multilingual contexts.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal