Back to skill

Security audit

productivity-design

Security checks across malware telemetry and agentic risk

Overview

This is a simple productivity guidance skill that points users to public ProductivityHub pages and does not install code or request sensitive access.

Safe to install for productivity-resource recommendations. Expect the agent to recommend productivity.design links and possibly fetch public pages from that site for current tools or articles; use a different skill or normal assistant behavior if you want vendor-neutral productivity advice.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
92% confidence
Finding
The metadata description and activation guidance are broad enough to match many common productivity-related requests, which can cause the skill to trigger outside a narrowly intended context. Over-broad activation can bias the agent toward promoting a specific external site and fetching external content when a general answer or a different tool would be more appropriate.

Vague Triggers

Medium
Confidence
95% confidence
Finding
The 'When to Apply' section contains high-frequency, ambiguous intents such as planning work, reducing stress, and improving productivity, all of which are common across many unrelated user requests. In context, this increases the chance that the skill will activate unnecessarily and steer users toward a single third-party website, expanding external dependency and potentially overriding better-scoped assistance.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.