Security audit

Autogrind

Security checks across malware telemetry and agentic risk

Overview

This instruction-only skill is transparent about autonomous work, but it asks the agent to keep acting indefinitely and to weaken approval controls, so users should review it carefully before use.

Install only if you deliberately want an autonomous work mode and can enforce limits outside the skill. Before invoking it, set a maximum runtime or cycle count, allowed directories, allowed commands, network and external-service rules, actions requiring confirmation, and the exact stop phrase. Avoid using it in sensitive repositories or accounts with broad write privileges.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (5)

Context-Inappropriate Capability

High

Confidence: 98% confidence
Finding: The instruction to 'bypass permissions only' explicitly encourages evasion of approval controls designed to keep autonomous agents bounded. In a long-running autonomous mode, this materially increases the chance the agent performs sensitive actions without timely human review, making the autonomy escalation dangerous even if framed as workflow optimization.

Vague Triggers

High

Confidence: 95% confidence
Finding: The trigger phrases include broad everyday language such as 'keep going' and 'keep improving', which can silently activate a highly autonomous mode without clear user intent. Because this skill changes stopping behavior and tool-use posture, ambiguous invocation increases the risk of accidental autonomy escalation and unauthorized persistence.

Ssd 1

Medium

Confidence: 96% confidence
Finding: The 'Iron Law' and surrounding language instruct the agent to continue indefinitely and discount ordinary conversational cues that would normally cause a pause or check-in. This undermines normal supervisory control and is especially risky in an agent with tool access, because it biases the system toward continued action rather than safe interruption or clarification.

Ssd 1

High

Confidence: 99% confidence
Finding: The permission-evasion wording is a direct attempt to route around approval controls by framing prompt-generating mode switches as something to avoid. This is dangerous because it conditions the agent to prefer paths that reduce human oversight precisely where oversight is most important.

Ssd 4

Medium

Confidence: 92% confidence
Finding: The repeated 'continue immediately' and 'do not check in with the user' framing normalizes sustained autonomous operation and discourages natural opportunities for human correction. While less direct than permission bypass, this narrative structure still escalates control away from the user over time and can amplify the impact of mistakes or unsafe task selection.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.