Cross-Pollination Engine

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only brainstorming skill with no executable behavior, though one example should handle child-related sharing more carefully.

Safe to install for creative analogy and brainstorming use. Treat any suggestions involving children, clients, patients, employees, or other sensitive people as ideas that still need consent, privacy review, and approved communication channels before implementation.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 90% confidence
Finding: The skill description contains very broad trigger phrases such as "think outside the box," "different industry," and "what can we learn from," which are common in ordinary conversation and could cause the agent to invoke this skill unintentionally. While the skill itself is not directly dangerous, overbroad activation can lead to inappropriate routing, unexpected behavior, and reduced reliability of the system.

Missing User Warnings

Medium

Confidence: 88% confidence
Finding: The example recommends sending proactive caregiver texts, photos, and voice memos about a child without mentioning consent, access controls, or privacy safeguards. In a childcare context, child images, caregiver identity, and daily status updates are sensitive personal data, so presenting this pattern without guardrails can normalize unsafe handling or disclosure of protected information.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal