Back to skill

Security audit

Top-Learner

Security checks across malware telemetry and agentic risk

Overview

This is a study-coaching skill that gives learning, exam-prep, and practice guidance without requesting special access or running code.

Safe to install for study coaching. Be aware it may activate for many learning or exam-related requests, and review any optional handoff to other skills such as flashcard or research helpers before using them with sensitive material.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence
94% confidence
Finding
The skill metadata description explicitly includes very broad trigger phrases such as '学习方法', '备考', '复习策略', and '知识点理解', which are common across many ordinary educational conversations. This can cause the skill to activate unintentionally in contexts where the user did not ask for this specific workflow, creating prompt hijacking of routing/selection logic and potentially overriding more appropriate or safer specialized skills.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.