Academic Research Skills 606a56

Security checks across malware telemetry and agentic risk

Overview

This is a simple academic-research guidance skill with no executable code, credentials, persistence, or hidden data access, though its trigger wording is broad.

Installers should be aware that this skill may activate on broad academic or research-related prompts. Prefer narrowing the trigger to the exact skill name, but there is no artifact-backed evidence of malicious behavior or sensitive access.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 95% confidence
Finding: The trigger scenarios include very broad terms such as "Academic" and generic requests for related help, which can cause the skill to activate in many unrelated contexts. Unintended invocation can route users into this skill when they did not request it, increasing the chance of confusing responses, workflow hijacking, or accidental disclosure of user context to an irrelevant skill.

Vague Triggers

Medium

Confidence: 90% confidence
Finding: The manifest trigger value contains multiple generic keywords separated by slashes, including broad terms like "Academic," "Research," and "Skills." This ambiguity makes accidental matching more likely and can cause the skill to be invoked for general academic or research queries rather than explicit requests for this particular skill.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal