Back to skill

Security audit

Personal Self

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent personal-profile template, but it asks users to store a very broad set of sensitive real-life details in a reusable skill file.

Install only if you intentionally want a persistent local self-profile skill. Avoid entering exact financial details, medical conditions, home/work locations, names of private contacts, internal access permissions, or anything you would not want reused in future assistant sessions or exposed through a shared/synced skill directory.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Vague Triggers

Medium
Confidence
93% confidence
Finding
The trigger list includes very generic phrases such as “我的角色”, “个人模板”, and “填充个人信息”, which can plausibly occur in normal conversation and unintentionally activate the skill. Because this skill changes assistant behavior and solicits sensitive profile data, accidental activation can lead to unintentional collection or persistence of personal information under the wrong context.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The invocation model relies on natural-language commands like “填充个人信息”, “重置全部”, and “填充[维度名]” without a strict activation protocol. That ambiguity increases the chance that ordinary discussion about roles, personal data, or resetting state is misinterpreted as an instruction to modify stored profile data or enter a sensitive data intake flow.

Missing User Warnings

High
Confidence
97% confidence
Finding
The skill explicitly instructs users to paste real personal information and to edit/write it into a skill file, including highly sensitive categories such as identity, relationships, health, resources, permissions, and social graph data. Although a later note mentions confirmation, the warning is not front-loaded, does not clearly describe retention, visibility, or downstream exposure risks, and therefore fails to provide meaningful informed consent before collection.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
This template systematically solicits a large volume of highly sensitive personal data, including identity, family, health, location, resources, relationships, and permissions, but provides no data-minimization, consent, storage, or sharing warning. In skill context, this is more dangerous because it is explicitly designed for users to replace placeholders with real information, creating a ready-made prompt for mass collection and possible misuse of personally identifiable and profiling data.

Natural-Language Policy Violations

Medium
Confidence
93% confidence
Finding
The skill prescribes Chinese as the default response language when user-specific language data is not filled, which can override or bias the assistant's behavior without explicit user opt-in. This is risky because it can cause incorrect localization, exclude users who do not want Chinese output, and create hidden behavioral steering in a persona skill that should remain user-configurable.

Natural-Language Policy Violations

Medium
Confidence
96% confidence
Finding
The default assumption of 'contemporary urban Chinese resident (Chinese native speaker)' embeds a specific cultural and linguistic identity into the skill without user choice. In a personal identity template, this is more dangerous because it can misrepresent the user, leak unintended assumptions into downstream responses, and normalize culturally biased persona construction as if it were neutral.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal

Static analysis

No suspicious patterns detected.