Better

Security checks across malware telemetry and agentic risk

Overview

This is a text-only work-context skill with no code or system access, but it includes personal compensation details that users should review before sharing or installing.

Install only if you are comfortable storing employer-specific role context and personal compensation details in reusable agent instructions. Consider removing the salary, bonus, RSU, and vesting lines before broader sharing.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Context-Inappropriate Capability

Medium
Confidence: 96%
Finding
The skill embeds detailed personal compensation and equity information that is unrelated to the operational purpose of helping with Better PM workflows. Exposing salary, bonus, grant timing, and vesting details increases unnecessary sensitive-data exposure and could enable social engineering, profiling, or misuse if the skill is broadly accessible or included in prompts/logs.

Vague Triggers

Medium
Confidence: 84%
Finding
The description is broad enough to activate on generic work activities such as meeting prep, project tracking, or team updates, which may cause over-invocation outside the intended Better-specific scope. In an enterprise context, this can lead to unnecessary context injection, including internal company details, into unrelated conversations or workflows.

VirusTotal

64/64 vendors flagged this skill as clean.
