Back to skill

Security audit

Diting

Security checks across malware telemetry and agentic risk

Overview

This is a markdown-only HR diagnosis skill with disclosed sensitive-data handling rules and no executable install or hidden behavior found.

Before installing, treat this as an advisory HR analysis skill that may process sensitive employee, compensation, performance, or labor-risk information. Use anonymized inputs where possible, do not approve storage of case summaries unless appropriate, and verify legal, compensation, or personnel decisions with qualified humans and current company policy.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Context-Inappropriate Capability

Medium
Confidence
90% confidence
Finding
The skill declares itself as an HR deep organizational diagnosis system, but it also includes an administrative/office-operations expert module. That broadens authority beyond the stated purpose and increases the chance the agent will handle unrelated operational tasks with inappropriate confidence or access assumptions. In an HR context, this scope creep is risky because users may trust the skill for decisions outside its validated domain.

Context-Inappropriate Capability

Medium
Confidence
91% confidence
Finding
The skill bundles AI application and AI transformation consulting capabilities that are materially broader than HR diagnosis. This creates functional overreach and can cause the agent to provide strategic technology or transformation advice under the trusted banner of an HR diagnostic tool, which weakens user consent and policy boundaries.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The implicit trigger keywords are very broad terms like 'why,' 'recently,' or 'feel,' which commonly appear in ordinary conversation. This can cause the system to suggest or initiate heavyweight diagnostic behavior when the user only wanted a simple answer, creating consent and scope-escalation risk.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.