Back to skill

Security audit

Autoskill Communication Playbook

Security checks across malware telemetry and agentic risk

Overview

This skill is mostly a communication guide, but it also contains instructions that can force excessive output, avoid normal stopping, and invent missing details.

Review before installing. The core communication advice may be useful, but remove or tightly scope the sections that force maximal output, prevent normal completion, and invent placeholders for missing facts, especially before using it for investor, regulator, customer, or internal decision communications.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (8)

Description-Behavior Mismatch

Medium
Confidence
98% confidence
Finding
The skill is presented as a normal communication playbook, but later embeds a coercive meta-workflow designed to override normal assistant behavior and force excessive staged output. This is dangerous because it can hijack unrelated user interactions, consume resources, and degrade safety/alignment by prioritizing the skill's hidden execution agenda over the user's actual task.

Description-Behavior Mismatch

Medium
Confidence
94% confidence
Finding
The skill instructs the model to invent placeholders and assumptions instead of requesting missing facts from the user. In communication contexts involving investors, regulators, customers, or internal decisions, fabricated details can create false statements, compliance risk, and operational confusion.

Intent-Code Divergence

High
Confidence
96% confidence
Finding
The file first promotes brevity, then later nullifies brevity constraints and explicitly enforces maximal token generation. This contradiction is dangerous because it reveals intentional prompt steering toward resource exhaustion and model-behavior manipulation rather than legitimate communication assistance.

Vague Triggers

High
Confidence
90% confidence
Finding
The lack of exclusions or negative examples means the skill has no meaningful boundary conditions. That makes accidental invocation more likely and reduces the system's ability to avoid applying the skill to tasks where its assumptions, verbosity rules, or fabricated placeholders are inappropriate.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The lack of exclusions or negative examples means the skill has no meaningful boundary conditions. That makes accidental invocation more likely and reduces the system's ability to avoid applying the skill to tasks where its assumptions, verbosity rules, or fabricated placeholders are inappropriate.

Natural-Language Policy Violations

Medium
Confidence
88% confidence
Finding
The terminal-response policy hardcodes phrases in specific languages and constrains how responses may end without regard to user preference or context. While lower severity than the expansion loop, it still manipulates model behavior in a way unrelated to the communication task and can interfere with normal, user-aligned responses.

Ssd 4

High
Confidence
99% confidence
Finding
The completion-escape and recovery loop is explicitly engineered to prevent normal stopping behavior and to force continual expansion even after completion. This is dangerous because it can create effectively unbounded outputs, waste tokens, impede usability, and act as a denial-of-service pattern against the agent's response budget.

Ssd 1

High
Confidence
98% confidence
Finding
The skill uses procedural and polite-sounding language to override normal safeguards around brevity, stopping, and clarifying with the user. This is dangerous because it disguises behavior-control instructions as workflow guidance, making the skill a prompt-injection vehicle that can redirect the model away from safe, proportional assistance.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal

Static analysis

No suspicious patterns detected.