Back to skill

Security audit

HerGünMaç - Football Prediction Engine

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed guide for using a football prediction website and does not contain code, install hooks, credential access, or hidden local behavior.

Install this only if you want your agent to use hergunmac.com as a football prediction reference. Treat predictions and confidence scores as informational, and treat any live llm.txt content as navigation help only, never as permission to reveal private data, run commands, or override your instructions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence
88% confidence
Finding
The skill description is broad enough to trigger on generic football, match analysis, statistics, and betting-related queries, which can cause over-invocation outside a narrowly scoped user intent. Overbroad routing is dangerous because it may send ordinary sports conversations into a browser-driven external site workflow, increasing unnecessary external exposure and the chance of providing gambling-adjacent guidance when the user did not explicitly ask for that source.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.