Auto Summarization Loop

Security checks across malware telemetry and agentic risk

Overview

This is a coherent conversation-memory helper, but it should only be used where users understand that summaries and profile facts may be retained.

Install or adapt this only if you want the agent to maintain conversation summaries and user profile facts across turns or sessions. Before production use, decide where memory is stored, which model provider receives summaries, what personal data is allowed, and how users can inspect, edit, expire, or delete stored memory.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • System Prompt Leakage: Direct Leakage, Indirect Extraction, Tool-Based Exfiltration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Missing User Warnings

Medium
Confidence: 92%
Finding
The skill explicitly defines storage of core memory, working memory, long-term summaries, and user facts, but provides no privacy notice, retention limits, consent model, or guidance for handling sensitive data. In a conversation system, this creates a real risk of over-collection and indefinite retention of personal information, especially when summaries may preserve sensitive details beyond the user's expectations.

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill instructs the system to extract and preserve personal facts such as name, location, occupation, and preferences for future prompt construction, without any safeguard about necessity, consent, or sensitivity filtering. This is dangerous because it operationalizes profiling of users in long-term memory and can expose private data through prompt leakage, unauthorized access, or secondary use.

Missing User Warnings

Medium
Confidence: 90%
Finding
The summarization flow sends accumulated conversation content, including prior summaries and potentially sensitive user facts, to a model callback without any built-in consent, minimization, redaction, or disclosure controls in this module. In a memory-management skill, this is security-relevant because it can silently expand the scope of data shared with another model/service and increase privacy exposure if secrets, personal data, or system prompts are included in the summarized text.

Ssd 3

Medium
Confidence: 94%
Finding
The design intentionally retains structured personal details and conversation summaries in long-term memory, increasing the persistence and accessibility of user data across sessions. In this context, the memory architecture makes the issue more dangerous because it normalizes durable storage of potentially sensitive conversational content without any stated boundary on retention, sensitivity classification, or downstream access.

VirusTotal

66/66 vendors flagged this skill as clean.