PUA

Security checks across malware telemetry and agentic risk

Overview

This is a visible instruction-only skill that makes the assistant more forceful and persistent, but it does not install code, request credentials, or add hidden access.

Install this only if you deliberately want a blunt, pressure-oriented troubleshooting mode. Set clear limits for tone, time budget, iteration count, language, and when the assistant should stop and ask before continuing.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

High
Confidence: 97%
Finding
The trigger list is extremely broad and maps to common frustration phrases, quality complaints, and general conversational language across English and Chinese. That means the skill can activate unintentionally in ordinary interactions and then impose a coercive behavioral frame ('pressure escalation', 'keep going', 'owner consciousness') on unrelated tasks, which is a prompt-scope vulnerability because it alters agent behavior without clear, specific user consent.

Natural-Language Policy Violations

Medium
Confidence: 81%
Finding
The listed variants '/pua:pua-ja' and mixed-language framing suggest locale/style switching behavior, but the skill does not define explicit user-consent boundaries or language-preservation rules. In context, this is less severe than direct code execution risk, but it can still override user expectations, confuse output language, and make coercive messaging harder for users to understand or control.

VirusTotal

65/65 vendors flagged this skill as clean.
