Exile - Galactic Fracture

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed entertainment story/game skill with optional links to its companion site and no evidence of code execution, credential access, persistence, or hidden data collection.

This looks safe to install as an entertainment skill. Expect it to offer galacticfracture.com for the game, reading interface, or waitlist; only enter personal information on that site if you choose to and trust it.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 89% confidence
Finding: The skill's invocation guidance uses broad phrases like asking for 'something fun' or 'something to read,' which are common in ordinary conversation and could cause the skill to activate when the user did not specifically intend to invoke this entertainment workflow. In a multi-skill agent, this can lead to unintended redirection into promotional/story content and mild prompt-space interference, though the overall harm is limited by the non-privileged entertainment context.

Vague Triggers

Medium

Confidence: 92% confidence
Finding: The example prompts include highly generic phrases such as 'Story break?' and 'More context / lore please,' which are ambiguous and could overlap with many unrelated user intents. This increases the chance of accidental activation or misrouting, especially in systems that learn or route from example utterances.

VirusTotal

51/51 vendors flagged this skill as clean.

View on VirusTotal