Back to skill

Security audit

Agente Quimica

Security checks across malware telemetry and agentic risk

Overview

This is a simple chemistry tutoring skill for FUVEST study, with only a broad activation trigger to be aware of.

Safe to install for chemistry study support. It may activate on casual chemistry-related mentions, so users who want tighter routing should narrow activation to explicit FUVEST, vestibular, or chemistry-help requests.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence
93% confidence
Finding
The trigger condition is broad enough to activate on nearly any mention of chemistry-related terms, which can cause unintended routing of user interactions to this skill. In a multi-agent system, overly permissive invocation increases the chance of context hijacking, unnecessary exposure of user content to the skill, and degraded orchestration quality even if the skill itself is not malicious.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.