Flow State

Security checks across malware telemetry and agentic risk

Overview

This is a markdown-only productivity prompt with no code or access requests, though it encourages a faster and less self-checking style.

Install this only if you want the agent to adopt a faster, less deliberative working style. Avoid relying on it for security, legal, financial, medical, destructive, compliance, or other high-stakes work where careful review and verification matter.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 91% confidence
Finding: The skill description is framed in highly general terms ('Execute at peak performance') without clear boundaries on when it should or should not apply. In an agent setting, this can cause the skill to activate across many unrelated tasks and bias the model toward speed, reduced self-checking, and broad behavioral override, which can degrade safety-sensitive decision making.

Vague Triggers

Medium

Confidence: 96% confidence
Finding: Saying the skill 'Works with any other skill — just layer it on top' makes it an unrestricted meta-instruction that can modify the behavior of otherwise bounded skills. Combined with language like 'Don't audit yourself mid-stream,' this increases the chance it suppresses caution, validation, or guardrail-like behaviors in contexts where careful review is necessary.

VirusTotal

53/53 vendors flagged this skill as clean.

View on VirusTotal