Prompt Engineering Mastery

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only prompt-engineering guide; its broad trigger examples are a scoping note, not evidence of unsafe behavior.

Safe to install as a prompt-engineering reference. Be aware that generic phrases like "Review this prompt" may invoke the skill during ordinary prompt-writing conversations; use explicit wording if you want tighter control.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 90% confidence
Finding: The README's trigger phrases are extremely generic (for example, 'Write a prompt for [any task]' and 'Review this prompt'), making it likely the skill will activate during ordinary user interactions rather than only when explicitly intended. Broad activation increases the chance of prompt-surface hijacking, unexpected tool behavior, or unreviewed prompt-generation assistance being injected into unrelated workflows.

Vague Triggers

Medium

Confidence: 92% confidence
Finding: The skill exposes broad natural-language command triggers such as 'Write a prompt for [task]' and 'Review this prompt' without any explicit invocation boundary or disambiguation mechanism. In an agent environment, these phrases can overlap with normal user conversation and cause unintended capability activation, prompt rewriting, or behavior switching.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal