IdeaForge

Security checks across malware telemetry and agentic risk

Overview

This skill is a planning assistant that turns rough product ideas into structured project plans, with no hidden code, persistence, or privileged actions found.

Before installing, be aware that the skill may activate for broad idea-making phrases and will likely encourage more structured planning than a casual chat. It may also ask the agent to look up reference links for technical planning. It does not request privileged access or run code.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 95% confidence
Finding: The trigger phrases include very common conversational patterns such as '帮我做个工具', '想做一个东西', and '有个idea', which can match ordinary user requests outside the intended scope. This creates a real risk of unintended activation, causing the skill to intercept unrelated conversations and steer behavior unexpectedly.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal