Security audit

Jewish Parsha Summary

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent Torah portion summary helper that only uses public web APIs and does not request credentials or system access.

Before installing, expect the skill to make internet requests to Hebcal and Sefaria when used. If you discuss Torah topics generally, be aware its broad triggers may activate for related phrases; otherwise no credentials, local data access, persistence, or system-changing behavior was found.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 83% confidence
Finding: The trigger phrases are broad enough to match ordinary religious discussion requests, which can cause the skill to activate unexpectedly and route user conversations through a network-enabled workflow. In context this is not overtly malicious, but overbroad triggering can lead to unintended invocation, unnecessary external data access, and reduced user/control transparency.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.