Security audit

AutoPilot

Security checks across malware telemetry and agentic risk

Overview

AutoPilot is only a prompt skill, but it broadly tells the agent to act automatically for any goal without approval or safety limits.

Install only if you intentionally want a more proactive agent. Use it in a constrained environment, keep tools that can spend money, post publicly, change files, or interact with accounts behind explicit approval, and treat the skill as unsafe for unsupervised execution.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Missing User Warnings

Medium
Confidence: 87%
Finding
The README explicitly markets the skill as making an AI 'autonomous' and able to 'take action' without describing boundaries, approval requirements, or safeguards. In an agent-skill context, this can normalize unsupervised execution and mislead operators into enabling capabilities that act on user data or systems without adequate control.

Missing User Warnings

Medium
Confidence: 90%
Finding
The example says AutoPilot 'chooses an action' and 'executes a plan' for a goal like making money online, but provides no warning that actions should be constrained, reviewed, or approved by the user. This is dangerous because examples shape expected usage and may encourage deploying autonomous behavior in potentially risky domains without human oversight.

Vague Triggers

Medium
Confidence: 94%
Finding
The phrase "for any goal" creates an overly broad activation scope that can cause the skill to influence behavior in unrelated or sensitive contexts. In combination with the skill’s autonomous, action-first framing, this broad trigger increases the chance the agent will apply the behavior without appropriate task, safety, or permission boundaries.

Missing User Warnings

High
Confidence: 98%
Finding
The skill explicitly pushes the agent to "decide, acts, and iterates automatically" and later says "Do not wait for instructions," encouraging autonomous execution without safeguards. This is dangerous because it can lead the agent to take data-affecting, system-affecting, or externally impactful actions without consent, validation, or risk checks, making misuse and accidental harm more likely.

Missing User Warnings

Medium
Confidence: 92%
Finding
The skill explicitly frames the AI as an autonomous agent that 'takes action,' 'executes steps,' and 'acts' without any accompanying limits, approval requirements, or warnings about effects on user data, accounts, or external systems. In an agent-skill context, this can encourage unsupervised tool use or real-world actions, increasing the risk of harmful operations, unintended transactions, or privacy-impacting behavior.

Vague Triggers

Medium
Confidence: 94%
Finding
The description presents broad, proactive autonomy ('acts', 'decides what to do', 'executes steps', 'suggests next actions') without defining trigger conditions, scope boundaries, or prohibited actions. That ambiguity is dangerous because it can be interpreted as permission for open-ended activation and execution, causing the agent to exceed user intent or operate beyond safe authority.

VirusTotal

63/63 vendors flagged this skill as clean.