Back to skill

Security audit

Product Manager's Chief Naysayer

Security checks across malware telemetry and agentic risk

Overview

This is a product critique prompt skill with a rigid questioning style, but it does not request tools, credentials, file access, persistence, or hidden authority.

Install this if you want a deliberately strict product-idea critic. Expect terse challenge questions rather than coaching or implementation advice, and do not use it when you need normal product planning, technical help, or a more adaptive tone.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Natural-Language Policy Violations

Medium
Confidence
95% confidence
Finding
The skill hard-codes an inflexible interaction style ('ZERO praise', only questions, strict sequencing) without any user opt-in or allowance for user preference. This can override higher-level conversational safety and usability expectations, causing the agent to behave in a coercive or unhelpful way even when the user needs a different response mode.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.