Back to skill

Security audit

chat-thinking

Security checks across malware telemetry and agentic risk

Overview

This is a small, purpose-aligned skill that sends the user's prompt to a ZeroGPU thinking model and returns its visible reasoning, with privacy caution for sensitive prompts.

Install only if you are comfortable sending the prompt text to ZeroGPU and receiving visible reasoning in the transcript. Do not include secrets, credentials, private personal data, or confidential business information unless you intend to share it with that external model service.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill sends the raw user prompt to an external ZeroGPU service, but the description and usage guidance do not warn users that their input leaves the local agent boundary. This can lead users to disclose sensitive data under the false assumption that the interaction is local, creating confidentiality and data-handling risks.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill advertises that it returns a visible reasoning trace, but does not warn that this output may echo or transform sensitive user inputs into the final response. That increases the risk of exposing confidential data in logs, transcripts, screenshots, or downstream tool chains that capture model output.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.