Internet Lookup Verifier

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only skill that uses web lookup to verify factual answers, with the main caveat that searched questions may leave the assistant context.

Safe to install for public factual verification. Avoid asking it to verify questions that contain secrets, private personal details, proprietary business information, or regulated data, because those details may be included in web searches or page fetches.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 91% confidence
Finding: The trigger conditions are broad enough that the skill may activate for many ordinary factual prompts, especially when another prompt or skill requests verification. That can cause unnecessary external lookups, expand the attack surface for prompt-routing abuse, and lead to unintended disclosure of user queries to web tools.

Missing User Warnings

Medium

Confidence: 96% confidence
Finding: The skill sends user questions to external web_search and potentially web_fetch services without clearly warning that user content may leave the local assistant context. This creates a privacy and data-handling risk, especially if users ask questions containing sensitive, proprietary, or regulated information.

VirusTotal

58/58 vendors flagged this skill as clean.

View on VirusTotal