Back to skill

Security audit

Flatastic

Security checks across malware telemetry and agentic risk

Overview

The skill appears intended for Flatastic household management, but the available scan context indicates it may be invoked too broadly for actions that can read or change shared household data.

Install only if you want your agent to operate on your Flatastic household data. Before use, make sure the skill is invoked only when you explicitly mention Flatastic or ask to read or update household records, and require confirmation before creating, editing, or deleting chores, shopping items, expenses, members, or account data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence
92% confidence
Finding
The skill description is broad enough to trigger on generic household requests like chores, shopping, or expenses without clearly requiring explicit user intent to use Flatastic. This can cause the agent to invoke a state-changing external tool in situations where the user may only be asking for advice or planning help, increasing the risk of unintended data access or actions.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.