Security audit

geography-score-improvement

Security checks across malware telemetry and agentic risk

Overview

This is a markdown-only high school geography tutoring skill with no hidden code, credential use, or system access.

Safe to install from a security standpoint. Treat it as a study aid, verify important exam answers against official materials or a teacher, and only save/upload questions, photos, or voice content if you are comfortable with those study records being retained by the host app.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 88% confidence
Finding: The invocation scope is very broad: it triggers on essentially any high-school geography knowledge, question explanation, textbook lookup, error-book management, past-paper analysis, or score-improvement request. Overbroad routing can cause the skill to intercept ordinary requests outside clearly bounded conditions, increasing the chance of unnecessary data exposure to the skill context, misrouting, and unreliable behavior when users did not explicitly intend to use this specialized workflow.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal