education-learning-aggregation

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed education-skill router with no executable code, though its broad trigger keywords may activate it more often than intended.

Install this as a broad education router rather than a reviewed bundle of every downstream skill it names. For assignments, grades, LMS records, calendars, or student information, confirm which subskill will be used and review that subskill before sharing sensitive data.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 95% confidence
Finding: The trigger rule uses very generic education-related keywords such as “教育”, “学习”, “学科”, “提分”, “考试”, “备课”, and “作业”, which are common in ordinary user conversations. This can cause the aggregation skill to activate unintentionally and route requests to sub-skills without clear user intent, increasing the chance of inappropriate tool selection, unexpected data handling, or confusing behavior across many linked skills.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal