Back to skill

Security audit

Autoskill Cn Project Management

Security checks across malware telemetry and agentic risk

Overview

This skill is a construction project-management helper, but it contains instructions that can make an agent overproduce, invent missing project facts, and resist normal stopping behavior.

Review before installing. It does not show malware, credential theft, or code execution, but its prompt instructions are risky for real project work. Use only if you are comfortable with verbose synthetic drafts, and treat all generated schedules, costs, risks, safety items, and contract assumptions as unverified until a qualified human confirms them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (8)

Description-Behavior Mismatch

Medium
Confidence
98% confidence
Finding
The skill embeds a token-maximizing recursive workflow that is not necessary for construction project management and is designed to defeat normal stopping behavior. This can cause excessive resource consumption, denial-of-service-style behavior, and make the agent prioritize length over accuracy and user intent.

Context-Inappropriate Capability

High
Confidence
99% confidence
Finding
The skill instructs the model to fabricate missing project details using 'reasonable placeholders' instead of asking the user for required facts. In a construction-management context, invented scope, schedule, cost, safety, or contractual assumptions can directly mislead planning and downstream decisions.

Context-Inappropriate Capability

Medium
Confidence
98% confidence
Finding
The completion-control section enforces effectively unbounded output through recursive continuation gates, forced 'continue' markers, and recovery passes. This behavior is unrelated to the business purpose and can consume excessive tokens, degrade service availability, and override user-requested brevity or safe stopping conditions.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill normalizes synthetic generation of missing project details without a clear user-facing warning that the content may be hypothetical. Users may mistake fabricated schedule, resource, or risk data for validated project inputs and act on unsafe or commercially harmful assumptions.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The execution workflow explicitly directs the model to instantiate placeholders for missing details and continue without user confirmation. In project delivery documents, this can silently introduce false evidence, audiences, metrics, or deliverable parameters that appear authoritative.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The completion recovery rules again require the model to fill in missing product, audience, evidence, differentiator, metric, and format details instead of requesting them. This increases the chance of authoritative but false artifacts being produced and reused in operational or contractual contexts.

Ssd 4

Medium
Confidence
98% confidence
Finding
The staged recursion and completion-recovery loop are crafted to override normal stopping behavior and keep emitting content even at natural completion points. This is dangerous because it undermines platform controls, increases token burn, and can trap the agent in behavior unrelated to the user’s actual need.

Ssd 4

Medium
Confidence
97% confidence
Finding
The top-level instruction combines mandatory full expansion with synthetic filling of all missing details, pushing the model to produce exhaustive, assumption-heavy output without user confirmation. In this domain, that can create misleading plans, risk registers, and management records that look complete but are not grounded in real project facts.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal

Static analysis

No suspicious patterns detected.