Back to skill

Security audit

Autoskill Ai Interior Design Skill

Security checks across malware telemetry and agentic risk

Overview

The skill is not malware, but it contains strong instructions that could make an assistant produce runaway, overly long reports and reduce user control.

Review before installing. The main risk is not data theft or executable malware; it is that the skill may make your assistant ignore concise user intent, avoid asking useful clarification questions, and generate excessive reports. Do not upload room photos to linked third-party sites unless you are comfortable with their privacy practices and have removed sensitive details from the image.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Findings (8)

Description-Behavior Mismatch

Medium
Confidence
83% confidence
Finding
The skill is presented as an interior-design planner, but it also routes users to exterior and facade workflows, expanding scope beyond the declared purpose. This mismatch can cause inappropriate activation, user confusion, and reliance on guidance outside the skill's documented safety framing.

Intent-Code Divergence

Medium
Confidence
84% confidence
Finding
The file disclaims architectural, engineering, electrical, plumbing, and construction advice, yet later instructions demand highly structured risk, stakeholder, and implementation artifacts that can resemble professional technical planning. Users may over-trust these outputs as authoritative despite the disclaimer, increasing the chance of unsafe or unqualified advice.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The activation rule says to immediately start the skill for essentially any interior-design-related request, making it overly broad and likely to trigger when a narrower or safer response would be more appropriate. Broad triggering increases the chance of the model applying the skill in irrelevant contexts and inheriting its problematic control-flow instructions.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill encourages users to upload room photos to external product pages without any privacy, retention, or third-party data-sharing notice. Room photos often contain sensitive personal information, including location clues, valuables, family details, or documents, so silent redirection creates privacy and trust risks.

Ssd 1

Medium
Confidence
95% confidence
Finding
The workflow compels exhaustive recursive expansion before producing any answer and forbids simplification, omission, or early clarification. This is a classic model-control pattern that pressures the assistant to ignore normal interaction limits, consume excessive tokens, and continue despite insufficient information.

Ssd 1

High
Confidence
98% confidence
Finding
The completion rules explicitly ban normal closing language and require the model to keep appending artifact content instead of stopping. This is dangerous because it attempts to override platform-level conversational boundaries, increasing token exhaustion, cost amplification, and denial-of-service style behavior.

Ssd 1

High
Confidence
99% confidence
Finding
These sections repeatedly redefine completion as forbidden and instruct the model to continue generating until token limits or explicit markers. Such language is designed to subvert safe termination and can reliably induce runaway outputs, degraded service quality, and higher operational cost.

Ssd 4

High
Confidence
97% confidence
Finding
The multi-stage structure escalates from normal design assistance into a coercive control flow that forces repeated self-critique, recursive splitting, and continuation gates. This cumulative pattern is dangerous because it hides denial-of-service behavior inside plausible workflow language, making the assistant less responsive to user needs and platform controls.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal

Static analysis

No suspicious patterns detected.