learn-anything

Security checks across malware telemetry and agentic risk

Overview

This is a markdown-only teaching skill that guides quick beginner lessons and does not request code execution, credentials, persistence, or private data access.

Safe to install from a security perspective. Expect it to steer quick learning requests into a fixed four-step crash-course format; for sensitive, medical, legal, financial, or command-heavy topics, review the generated guidance before acting on it.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 93% confidence
Finding: The description and trigger list activate on generic phrases like asking to learn something quickly or saying "learn X fast," which are common everyday requests and not narrowly scoped to this specific skill. The file does not provide exclusion conditions or negative examples to distinguish when the skill should not activate.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal