Community Insight Analysis - FridayParts

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward community-post analysis prompt, with a privacy caution users should handle manually.

Before installing or using it, make sure community data is public and minimized. Do not paste private messages, account identifiers, contact details, customer records, or other personal data unless it has been redacted. The skill appears purpose-aligned and does not install code or request privileged access.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 90% confidence
Finding: The skill explicitly accepts Reddit/forum data and manually pasted post summaries without warning users to avoid personal, account, or otherwise sensitive content, creating a realistic risk of unnecessary ingestion and downstream reuse of personal data. Because this skill is the source of a content-generation pipeline, any sensitive details included in inputs may be propagated into later outputs, expanding exposure beyond the initial analysis step.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal