agent resilience

Security checks across malware telemetry and agentic risk

Overview

This instruction-only memory skill is transparent about its purpose, but it asks the agent to persist broad conversation details and raw messages without clear consent, filtering, or retention boundaries.

Install only if you want persistent local task memory. Avoid using it during conversations containing secrets, personal data, customer data, credentials, or proprietary material unless you add explicit rules to skip sensitive content and routinely inspect or delete the memory files.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (5)

Missing User Warnings

High
Confidence: 98%
Finding
The skill directs the agent to persist user-provided details, decisions, names, values, and corrections to a local memory file before responding, without notice, consent, retention limits, or sensitivity filtering. This creates a concrete data-retention risk because sensitive or identifying information may be stored and later exposed to other tasks, users, or future responses.

Missing User Warnings

High
Confidence: 99%
Finding
The working-buffer guidance instructs logging every exchange, including raw human messages, once context reaches a threshold. Persisting full conversation content without warning or filtering materially increases the chance of storing credentials, personal data, proprietary content, or regulated information that can later be disclosed or mishandled.

Ssd 3

Medium
Confidence: 95%
Finding
The WAL instructions tell the agent to capture broad classes of user-provided information and store them for later reuse, which creates a semantic memory channel for sensitive data. Even if intended for resilience, retaining corrections, names, IDs, URLs, and decisions can lead to cross-turn leakage, inappropriate reuse, or disclosure in later outputs.

Ssd 3

High
Confidence: 99%
Finding
Logging every exchange, especially raw human messages, creates a broad natural-language capture surface that can silently retain highly sensitive inputs. Because the skill later reads and uses this buffer for recovery, the retained content may be surfaced back to the model and indirectly disclosed in future responses.

Ssd 3

Medium
Confidence: 93%
Finding
The compaction recovery flow instructs the agent to read prior buffers and notes to reconstruct context, which increases the chance that previously stored sensitive information is reintroduced into active context and exposed in later responses. This turns earlier over-collection into a replay and leakage risk, especially across long or mixed-purpose sessions.

VirusTotal

66/66 vendors flagged this skill as clean.
