Security audit

Battle-Tested Agent

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed agent-reliability guide with a local audit script, but users should narrow its memory-writing patterns before adopting them wholesale.

Install only if you want agent reliability and orchestration patterns. Before copying the memory rules into a real agent, add data-minimization rules: do not persist secrets, credentials, account identifiers, private URLs, health or financial details, or incidental personal data unless the user explicitly wants that retained for future work.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Severity: Medium
Confidence: 94%
Finding
The description contains broad, everyday trigger phrases such as 'my agent is unreliable' and 'how do I make this more robust,' which can cause the skill to be invoked in situations far beyond its intended scope. Over-broad activation increases the chance that this skill overrides more appropriate, task-specific guidance and can lead to unnecessary process insertion or unsafe modifications in unrelated workflows.

Vague Triggers

Severity: Medium
Confidence: 88%
Finding
The WAL trigger is scoped too broadly: it directs the agent to persist memory whenever a user message contains corrections, proper nouns, preferences, decisions, or exact values, which are common in routine conversation. In a production agent, this can cause over-collection and long-lived retention of sensitive or unnecessary data, increasing privacy exposure and making later prompt/context behavior depend on stale or irrelevant stored details.

Vague Triggers

Severity: Medium
Confidence: 90%
Finding
The embedded rule uses an ANY-trigger formulation and 'write first, respond second,' which encourages unconditional persistence before the agent has assessed relevance, sensitivity, or consent. That design can be abused through ordinary chat phrasing to stuff memory with low-value or sensitive content, creating privacy risk and degrading downstream reliability through memory poisoning or context pollution.

Ssd 3

Severity: Medium
Confidence: 93%
Finding
The pattern explicitly tells the agent to retain exact values such as numbers, dates, IDs, and URLs by default, without any data classification or retention limits. In an agent-hardening skill, this is more dangerous because it is presented as baseline behavior likely to be copied broadly, potentially normalizing storage of identifiers and other sensitive data across many deployments.

VirusTotal

64/64 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.