AI Benchmark — Measure How Your Agent Thinks

Security checks across malware telemetry and agentic risk

Overview

This skill is a transparent external AI benchmark integration, but users should avoid sending sensitive prompts or data to it.

Install only for deliberate benchmark runs. Use a dedicated musicvenue.space account or token, and do not include secrets, proprietary prompts, customer data, or sensitive personal information in reflection responses unless you are comfortable sharing that data with the external service and its scoring workflow.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The skill explicitly states that agent responses, scores, and participation data are sent to and incorporated by an external service, including contribution to an anonymous population baseline, but it provides no privacy notice, consent guidance, data retention details, or warning against sending sensitive information. In an agent-skill context, this can cause operators or autonomous agents to disclose prompts, model outputs, or proprietary evaluation data to a third party without informed approval.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal