Back to skill

Security audit

Comeback Buddy

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only comeback coaching skill with disclosed aggressive-response options but no hidden code, installs, credential use, or persistence.

Install this only if you want an agent to help draft assertive or aggressive replies. Be careful with workplace, family, or relationship situations, especially the nuclear templates, because the outputs may escalate conflict even though the skill itself is technically low-risk.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence
94% confidence
Finding
The trigger list includes broad, everyday phrases such as '这句话怎么回' and '帮我分析这段对话', which can match many ordinary chat-assistance requests outside the intended niche. That raises the risk of unintended invocation, causing the skill to activate in contexts involving sensitive interpersonal conflict and potentially generate escalatory or harmful advice when the user did not explicitly ask for this specialty behavior.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.