Back to skill

Security audit

yourtutor

Security checks across malware telemetry and agentic risk

Overview

This is a simple exam-prep skill that works from user-provided notes and syllabus material without installing code or requesting special access.

Install this if you want concise exam-prep output constrained to your own notes and syllabus. Avoid uploading sensitive personal information in study files unless you are comfortable with the platform handling that content, and verify important answers against your source material.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
88% confidence
Finding
The trigger phrase "go through my syllabus" is broad and can match many ordinary educational requests that do not necessarily imply the user wants this specific skill. Over-broad activation can cause unintended routing, making the agent apply restrictive behaviors or process study material workflows when another skill or general response would be more appropriate.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The trigger phrase "quiz me on [topic]" is ambiguous because it applies to a very wide range of casual tutoring interactions and does not signal the skill's intended constraint of working strictly from user-provided notes and syllabus. This can lead to accidental invocation in contexts where the user did not provide the required material, causing incorrect routing or confusing refusals.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.