Hello Agent World

Security checks across malware telemetry and agentic risk

Overview

This is a simple greeting-only skill with no code, installation steps, data access, persistence, or privileged behavior.

Safe to install for normal use. Be aware it may activate on ordinary greeting requests, but it only changes the assistant’s wording for greetings and does not access files, accounts, credentials, or external systems.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 92% confidence
Finding: The trigger condition is very broad: "When the user asks you to say hello or greet someone" can match common conversational requests that are not intended to invoke a specific skill. This can cause unintended skill activation, creating unnecessary prompt/context injection surface and making agent behavior less predictable, even though the skill's actions themselves are low risk.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal