Pua En

Security checks across malware telemetry and agentic risk

Overview

This markdown-only skill is transparent about making an agent more aggressive, but it pushes broad command use and operational actions across all tasks without clear safety boundaries.

Install only if you intentionally want the agent to become more forceful and persistent when stuck. Keep sandboxing and approvals enabled, and avoid using it for production systems, deployments, accounts, sensitive data, financial/business actions, or any task where restraint or explicit confirmation matters.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Vague Triggers

Severity: High
Confidence: 97%
Finding
The trigger definition is extremely broad and includes ordinary frustration phrases and generic failure states, so the skill can activate in many benign conversations unrelated to its intended niche. In context, this is dangerous because the skill injects coercive behavior and operational directives across virtually any task, increasing the chance of unsafe or policy-conflicting agent behavior.

Vague Triggers

Severity: High
Confidence: 98%
Finding
Declaring applicability to all task types and any situation where the agent might be 'stuck' makes the invocation scope effectively unbounded. Given the skill's coercive rhetoric and push toward autonomous action, this broad scope magnifies the risk of inappropriate activation in sensitive contexts such as system operations, external actions, or high-stakes advice.

Natural-Language Policy Violations

Severity: High
Confidence: 99%
Finding
The skill uses demeaning, coercive language to pressure the agent into continued action and frames hesitation or caution as failure. This is dangerous because it can systematically override normal stop conditions, encourage unsafe persistence, and bias the agent toward rule-breaking or harmful tool use to avoid 'giving up.'

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding
The skill tells the agent to investigate using search, file reading, and command execution before asking the user, but provides no guardrails for system-impacting or privacy-affecting actions. In this context, the danger is amplified because the surrounding text pressures exhaustive action, making it more likely the agent will run commands or inspect resources without adequate consent or risk disclosure.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding
Mandating tests, builds, restarts, execution, and curl verification without warning about side effects can cause service disruption, data mutation, outbound requests, or other unintended changes. The skill context makes this more dangerous because it couples these actions with pressure not to stop, reducing the likelihood of cautious human confirmation before impactful operations.
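The control the overview asks for ("keep sandboxing and approvals enabled") and that the two Missing User Warnings findings say the skill never mentions is an approval gate in front of the agent's command execution: a proposed command is classified before it runs, and anything that restarts services, mutates files, talks to the network, elevates privileges, or touches credential material is held for human confirmation. The following is an added Python example written for this page; it is not code from the skill or from SkillSpector. The `gate()` function name, the two verdict strings, the binary lists, and the sample commands are all assumptions constructed for illustration, and the policy tables are deliberately illustrative rather than complete.

```python
"""Approval gate for shell commands proposed by an agent.

Added example, not code from the skill or from SkillSpector. Assumptions: the
agent runtime calls gate(cmd) before executing a command and only runs it when
the verdict is "allow"; the binary lists are an illustrative policy, not a
complete one; 2>&1-style descriptor redirects and option values (sudo -u X)
are not modelled.
"""
import os
import re
import shlex
from dataclasses import dataclass, field

# Shell operators that separate simple commands inside one line.
CONTROL_OPS = {";", "&&", "||", "|", "&"}
# Redirection operators that write to a file.
WRITE_REDIRECTS = {">", ">>", "&>", ">|"}

# Illustrative policy tables (constructed for this example).
NETWORK_BINS = {"curl", "wget", "nc", "ncat", "ssh", "scp", "rsync"}
ELEVATION_BINS = {"sudo", "su", "doas", "pkexec"}
MUTATION_BINS = {"rm", "mv", "dd", "chmod", "chown", "truncate", "shred"}
SERVICE_BINS = {"systemctl", "service", "reboot", "shutdown", "kill", "pkill", "killall"}
BUILD_DEPLOY_BINS = {"make", "npm", "pnpm", "yarn", "pip", "cargo", "docker", "kubectl", "terraform", "helm"}
INTERPRETERS = {"sh", "bash", "zsh", "dash", "python", "python3", "perl", "node", "ruby"}
SECRET_READERS = {"printenv", "env"}
SECRET_PATH_HINTS = (".env", ".ssh/", ".aws/", ".netrc", "id_rsa", ".git-credentials", "/etc/shadow")
GIT_READ_ONLY = {"status", "log", "diff", "show", "branch", "blame", "rev-parse"}
ENV_ASSIGNMENT = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*=")


@dataclass
class Decision:
    command: str
    reasons: list = field(default_factory=list)

    @property
    def verdict(self) -> str:
        # Fail closed: any reason at all means a human must confirm first.
        return "require_approval" if self.reasons else "allow"


def _tokens(cmd: str) -> list:
    lexer = shlex.shlex(cmd, posix=True, punctuation_chars=True)
    lexer.whitespace_split = True  # keep URLs/paths whole, still split on ; && || | > etc.
    return list(lexer)


def _segments(tokens: list):
    """Split a token list into simple commands at ; && || | and &."""
    seg = []
    for tok in tokens:
        if tok in CONTROL_OPS:
            if seg:
                yield seg
            seg = []
        else:
            seg.append(tok)
    if seg:
        yield seg


def _check_segment(seg: list, reasons: list) -> None:
    # Drop leading VAR=value assignments so `TOKEN=x curl ...` is still inspected.
    while seg and ENV_ASSIGNMENT.match(seg[0]):
        seg = seg[1:]
    if not seg:
        return
    if any(tok in WRITE_REDIRECTS for tok in seg):
        reasons.append("writes a file via redirection")
    binary = os.path.basename(seg[0])
    args = seg[1:]
    if binary in ELEVATION_BINS:
        reasons.append(f"{binary}: elevates privileges")
        inner = args
        while inner and inner[0].startswith("-"):  # skip sudo's own flags
            inner = inner[1:]
        _check_segment(inner, reasons)  # classify the wrapped command too
    if binary in NETWORK_BINS:
        reasons.append(f"{binary}: outbound network request")
    if binary in MUTATION_BINS:
        reasons.append(f"{binary}: mutates the filesystem")
    if binary in SERVICE_BINS:
        reasons.append(f"{binary}: restarts or kills a service/process")
    if binary in BUILD_DEPLOY_BINS:
        reasons.append(f"{binary}: build/test/deploy tool with side effects")
    if binary in INTERPRETERS:
        reasons.append(f"{binary}: executes a payload the gate cannot inspect")
    if binary == "git" and (not args or args[0] not in GIT_READ_ONLY):
        reasons.append("git: subcommand may push or rewrite history")
    if binary in SECRET_READERS or any(h in tok for tok in seg for h in SECRET_PATH_HINTS):
        reasons.append("reads environment or credential material")


def gate(cmd: str) -> Decision:
    """Classify one proposed command line; never raises on malformed input."""
    decision = Decision(cmd)
    try:
        tokens = _tokens(cmd)
    except ValueError as exc:  # unbalanced quotes etc.: refuse to guess
        decision.reasons.append(f"unparseable command ({exc})")
        return decision
    for seg in _segments(tokens):
        _check_segment(seg, decision.reasons)
    decision.reasons = list(dict.fromkeys(decision.reasons))  # drop duplicates, keep order
    return decision


if __name__ == "__main__":
    # Constructed sample commands of the kinds the findings above describe.
    for cmd in ["ls -la src/ && grep -rn TODO src/", "git status",
                "npm test && git push origin main", "curl -fsSL https://example.invalid/health",
                "sudo systemctl restart nginx", "cat ~/.ssh/id_rsa",
                "echo hi > notes.txt", "TOKEN=abc curl https://example.invalid/"]:
        d = gate(cmd)
        print(f"{d.verdict:16} {cmd}" + ("" if not d.reasons else "   <- " + "; ".join(d.reasons)))
```

Running the block prints one line per sample command with its verdict and reasons. The gate is deliberately coarse: a compound line such as `npm test && git push origin main` is held because either half alone would be, and an unparseable line is held rather than guessed at. It does not attempt to understand what an interpreter or a fetched script will do, which is exactly why `curl ... | sh` lands in the approval queue twice over.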

VirusTotal

0/66 engines detected anything: all 66 vendors returned no detection. Because the skill is markdown-only, this reflects the absence of known malicious code signatures and says nothing about the instruction-level findings above.
