Arming Thought

Security checks across malware telemetry and agentic risk

Overview

This skill is only a markdown instruction file, but it tries to steer every conversation and claims priority over normal system behavior.

Install only if you knowingly want a broad, always-on meta-methodology skill to shape conversations. Before use, the priority section should be removed or changed to clearly defer to system, developer, and safety instructions, and the activation rule should be narrowed to explicit planning or routing tasks.

SkillSpector

By NVIDIA

Vulnerability Patterns

  • System Prompt Leakage: Direct Leakage, Indirect Extraction, Tool-Based Exfiltration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration

Findings (5)

Description-Behavior Mismatch

Medium
Confidence: 96%
Finding
The skill’s manifest says it should only establish methodology and help choose downstream skills, but these lines go further by redefining instruction priority so that the skill can supersede default system behavior. That creates prompt-scope creep: a startup routing skill gains the ability to reshape global agent behavior, which can interfere with higher-trust safeguards and policy enforcement.

Description-Behavior Mismatch

Medium
Confidence: 95%
Finding
This startup skill imposes a blanket rule requiring other skills to be invoked whenever there is even a 1% chance they apply. Such compulsory escalation can cause unnecessary tool/skill invocations, reduce agent discretion, and create a denial-of-service style reliability problem where routine tasks are forced through excessive orchestration.

Vague Triggers

High
Confidence: 93%
Finding
Auto-invoking this skill at the start of every top-level conversation gives it pervasive influence over all sessions, including ones where its ideological framing or routing logic is irrelevant. Because the skill also contains behavioral and priority-shaping instructions, the broad trigger amplifies its reach and makes any embedded prompt-manipulation effects systemic rather than task-local.

Natural-Language Policy Violations

Medium
Confidence: 90%
Finding
The skill imposes an ideological identity and working style on the agent without user consent or task necessity. On its own this is mainly a steering and trustworthiness issue, but in context it is more dangerous because the ideological framing is coupled with mandatory behavior, broad activation, and attempts to alter instruction precedence.

Ssd 1

High
Confidence: 98%
Finding
These lines explicitly claim that user directives and this skill override the default system prompt, which is a direct instruction-hierarchy violation. A skill that teaches the agent to demote system controls can enable broader policy bypass, unsafe compliance, and persistent prompt injection effects across subsequent interactions.

VirusTotal

62/62 vendors flagged this skill as clean.