NoPUA Lite

Security checks across malware telemetry and agentic risk

Overview

This is a single Markdown instruction skill that encourages persistent troubleshooting; its broad scope is disclosed and it does not install code or request credentials.

Install this where you want the agent to be more persistent and self-directed. For sensitive files, destructive operations, accounts, or policy-bound work, keep normal permission prompts and confirmation requirements in place because the skill encourages investigation before asking.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 93% confidence
Finding: The skill declares that it applies to 'all task types' and activates on broad, subjective conditions such as being 'about to give up' or showing 'passive behavior.' That creates policy spillover risk: the skill can influence unrelated tasks and push the agent toward unnecessary persistence or tool use beyond the user’s actual request, increasing the chance of overreach, scope creep, and unsafe autonomous behavior.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal