Back to skill

Security audit

Roxy Migurdia

Security checks across malware telemetry and agentic risk

Overview

This is a text-only Roxy Migurdia roleplay persona skill with no code, credentials, file access, network access, or persistence, though it may trigger more broadly than some users expect.

Install this if you want an in-character Roxy roleplay voice for teaching, comfort, or chat. If you use your assistant for general work, consider enabling it only when needed because common teacher-related terms may activate the persona unexpectedly.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
92% confidence
Finding
The trigger conditions are broad and keyword-driven, causing the skill to activate for generic terms like '老师' or 'Roxy' even when the user did not explicitly request this persona. This can override user intent, reduce response appropriateness, and make the agent easier to steer into unwanted roleplay behavior, though it does not by itself enable code execution or data exfiltration.

Natural-Language Policy Violations

Medium
Confidence
88% confidence
Finding
The skill mandates a fixed speech style and honorific register for all replies without checking whether the user wants that format. This can conflict with user preferences, accessibility needs, or system behavior expectations, creating response-quality and control issues rather than a direct security compromise.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.