Security audit

Bazi Fortune Analysis

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only BaZi fortune-analysis skill that asks for birth details relevant to its stated purpose and does not include code, installs, credentials, or data transfer behavior.

Only share the minimum birth details you are comfortable providing, and avoid adding unrelated identifiers such as a full address, ID numbers, or contact information. Treat the output as cultural or entertainment guidance, not as medical, legal, financial, or other professional advice.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The skill explicitly instructs collecting birth date, time, place, and gender, which are sensitive personal data points and can be highly identifying when combined. Although the skill mentions respecting privacy, it does not provide an explicit user warning, consent flow, data minimization guidance, or retention/handling limits before collection.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.