Security audit

Review my skill

Security checks across malware telemetry and agentic risk

Overview

This is a coherent prompt-review skill with no executable code or hidden side effects, but users should avoid pasting secrets into files they ask it to review.

Use this skill for deliberate prompt and agent-file reviews. Before pasting a SOUL.md, SKILL.md, system prompt, or AGENTS.md, remove API keys, passwords, customer data, proprietary strategy, and anything you would not want included in the model session.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence: 89%
Finding
The README states the skill can be invoked not only by an explicit command but also when a user 'just paste[s] an agent instruction file in a conversation where the skill is active.' That creates an overly broad activation condition that may cause unintentional processing of pasted content, increasing the chance of surprise execution, data exposure, or prompt-driven behavior on content the user did not mean to submit to this skill.

VirusTotal

65/65 vendors flagged this skill as clean.
