Persona Pack Builder

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent persona/prompt-pack builder whose local file generation is disclosed and purpose-aligned.

Install only if you want a workflow that helps create persona/prompt pack files. Run the optional Python generator in a new empty output folder, review generated prompts before publishing or selling them, and avoid requests that impersonate real people or market a persona as a real individual.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 93%
Finding: The skill explicitly instructs the agent to read local references/templates and to write multiple output files, and even to invoke a local packaging script, yet it declares no permissions. This creates a capability/permission mismatch: users or the platform may believe the skill is non-file-operating when it is designed to perform file I/O, which weakens reviewability, consent, and sandbox enforcement.

Vague Triggers

Severity: Medium
Confidence: 87%
Finding: The trigger examples are open-ended productization requests without clear scope limits, exclusions, or safety gating. In a skill designed to build and package persona/prompt products, broad activation language can cause the agent to engage on requests that drift into unsafe persona creation, manipulation, or other policy-sensitive prompt packaging without first checking boundaries.

VirusTotal

66/66 vendors flagged this skill as clean.