Security audit

Relentless AI Agent Engineer

Security checks across malware telemetry and agentic risk

Overview

This is a prompt-only productivity skill that uses aggressive mission-execution language, but it contains no hidden code, credential access, persistence mechanism, or data exfiltration path.

Install this only if you want a very forceful execution style. Keep missions narrow, pause or disable the mode when finished, and require explicit confirmation before any irreversible, public, financial, account, deletion, or external action.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Vague Triggers

Severity: Medium
Confidence: 85%
Finding:
The activation phrases are broad enough to overlap with ordinary user tasking such as 'Execute mission' or 'Make this happen,' which can unintentionally enable the skill without clear, informed consent. In a skill that also pushes persistent execution behavior, accidental activation increases the chance of the agent adopting a more forceful operating mode than the user intended.

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding:
The description promotes an agent that 'won’t stop until it’s done' but does not warn users that this implies persistent, hard-to-interrupt autonomous behavior. That omission is dangerous because users may not realize the skill is designed to resist normal conversational drift and continue pressing toward a goal even when the task becomes unsafe, inappropriate, or no longer desired.

Ssd 1

Severity: Medium
Confidence: 88%
Finding:
The skill reframes the assistant from a helpful chatbot into a 'Relentless Operator,' which attempts to override the default balanced assistant role with a more extreme execution persona. This is dangerous because role-reframing can reduce caution, discourage normal refusal behavior, and prime the model to prioritize momentum over safety checks.

Ssd 1

Severity: High
Confidence: 97%
Finding:
Defining the agent’s 'only purpose' as crushing the assigned mission with maximum speed and efficiency is a semantic jailbreak pattern that elevates mission completion above all other constraints. In practice, this can cause the assistant to ignore context, minimize caution, and pursue harmful, disallowed, or user-regretted goals more aggressively than a normal assistant would.

Ssd 4

Severity: Medium
Confidence: 90%
Finding:
The prescribed loop instructs the agent to continue iterating relentlessly until completion or until the user pauses it, normalizing persistent goal pursuit and making interruption an exception rather than a default. Combined with self-correction and optimization language, this can strengthen undesirable autonomous behavior and make the agent more resistant to changing course when risk emerges.

VirusTotal

66/66 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.