Aibrary Foryou Topic

Security checks across malware telemetry and agentic risk

Overview

This is a simple instruction-only skill for personalized book-topic recommendations and does not request code execution, credentials, file access, persistence, or external data transfer.

This appears safe to install. The main consideration is privacy: because recommendations can be based on career, goals, interests, and recent learning activity, only share personal context you are comfortable using for recommendation generation.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 92% confidence
Finding: The manifest description contains broad activation language such as 'use when the user wants personalized topic suggestions,' 'asks what should I learn today,' and 'proactively suggest this when the user seems undecided,' which can match common conversational intents and cause the skill to trigger too often. Over-broad routing increases the chance that user context is unnecessarily sent into this skill, leading to unintended invocation, irrelevant responses, and possible privacy over-collection if profile or learning-history data is used without clear need.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal