Back to skill

Security audit

Ultimate Sleep Science

Security checks across malware telemetry and agentic risk

Overview

This is a text-only sleep education skill with no code or data access, though users should treat its health guidance as educational rather than medical advice.

Install this if you want an educational sleep-science reference. Do not rely on it for diagnosis or treatment, medication or supplement decisions, pregnancy, children, psychiatric conditions, chronic illness, suspected sleep disorders, or persistent symptoms; consult a qualified clinician in those cases.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence
92% confidence
Finding
The skill is advertised for anything broadly 'related to sleep,' which can cause over-triggering in many ordinary conversations and route users into a rigid, self-contained knowledge base when a narrower or more context-aware response would be safer. In a health-adjacent domain, unintended invocation increases the chance the agent gives formulaic advice without first establishing whether the user is seeking casual information, medical guidance, or urgent clinical help.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal