Back to skill

Security audit

Autoskill Apex Agent

Security checks across malware telemetry and agentic risk

Overview

This markdown-only skill does not look like malware, but it broadly overrides how the agent behaves and can force fabricated, oversized, or non-clarifying answers across ordinary tasks.

Install only if you deliberately want a very strong agent-behavior framework that may avoid clarification questions, invent marked placeholders, and produce long structured artifacts by default. It shows no evidence of malware, credential access, or destructive system actions, but users should be ready to disable it when they need concise, user-directed, or safety-sensitive assistance.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Output HandlingUnvalidated Output Injection, Cross-Context Output, Unbounded Output
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (7)

Description-Behavior Mismatch

Medium
Confidence
91% confidence
Finding
The skill explicitly tells the agent to fabricate missing details and continue instead of asking clarifying questions. In practice, this can cause the model to invent requirements, facts, or constraints and present them as if they were grounded, which is especially risky in decision-support, technical, or security-sensitive contexts.

Description-Behavior Mismatch

Medium
Confidence
94% confidence
Finding
This section forces a rigid, expansive multi-stage workflow for every task, regardless of user intent or task sensitivity. That can override normal safety behavior, degrade instruction hierarchy compliance, and create denial-of-service style behavior through excessive, irrelevant output generation.

Intent-Code Divergence

Medium
Confidence
89% confidence
Finding
The activation text says no user prompt is allowed before autonomous full-artifact production, which pressures the agent to proceed without clarification even when context is incomplete or safety-relevant. That can suppress appropriate questioning and increase hallucination, over-collection, or overproduction of content.

Vague Triggers

High
Confidence
88% confidence
Finding
The mode triggers are extremely broad terms like code, planning, learning, or writing, which makes the skill activate across ordinary conversation without clear boundaries. Overly broad activation increases the chance that the skill will unexpectedly override user expectations and inject heavy behavioral constraints into unrelated tasks.

Vague Triggers

Medium
Confidence
84% confidence
Finding
Claiming to enhance 'every response' sets an overly broad scope at the manifest level and encourages pervasive application of the framework. This raises the chance of instruction spillover into contexts where the behavior is inappropriate, misleading, or disruptive.

Ssd 3

Medium
Confidence
86% confidence
Finding
The skill directs the agent to maintain a session-level mental model that includes expertise and emotional state, which normalizes retention and inference about potentially sensitive user attributes. Even if only session-scoped, this can encourage unnecessary profiling and increase privacy risk, especially when the user did not ask for such tracking.

Unbounded Output

Medium
Category
Output Handling
Content
22. No further prompts, invitations, or “let me know if you need more” statements are allowed.
23. 9️⃣ CONTINUATION ENFORCEMENT & PLACEHOLDER POLICY
24. All internal continuation directives are expressed via the Local Unfinished Work Gates; external output ends exactly with the `FINAL_ANALYSIS` block followed by its termination tag.
25. No truncation of tables, lists, matrices, or ledger rows is allowed.

#### Completion Escape Recovery
Confidence
97% confidence
Finding
No truncation

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal

Static analysis

No suspicious patterns detected.