Back to skill

Security audit

Judge

Security checks across malware telemetry and agentic risk

Overview

This instruction-only court-help skill has no code or device access, but it gives high-stakes legal guidance without enough jurisdiction, legal-advice, or privacy guardrails.

Review carefully before installing. It is safe from a device-access perspective, but use it only as general information: redact sensitive details, verify all deadlines and filing rules with the court or local legal aid, and seek a licensed attorney for criminal, custody, eviction, restraining-order, immigration, appeal, or other high-stakes matters.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The examples give concrete legal-procedure guidance, deadlines, and filing suggestions without clearly warning that court rules, deadlines, and terminology vary by jurisdiction and that the material is not legal advice. A user may reasonably rely on these examples as authoritative, which could cause missed deadlines, improper filings, or other prejudicial legal mistakes in real cases.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill repeatedly prompts users to paste detailed case facts, documents, dates, rulings, settlement terms, and other litigation information, but provides no warning about privacy, confidentiality, or safe data-minimization practices. In a legal context, this can expose highly sensitive personal, financial, medical, or case-strategy information to unnecessary disclosure, creating privacy and downstream legal-risk issues for self-represented users.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The trigger list contains very generic legal terms such as "court," "judge," "order," and "complaint," which can cause the skill to activate in many contexts outside the user's intended request. Over-broad activation can surface legal guidance when it was not requested, increasing the chance of irrelevant, misleading, or risky procedural advice in sensitive situations.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
This skill provides extensive procedural and strategic legal guidance but does not clearly warn users that legal rules vary by jurisdiction and that the content is not a substitute for qualified legal counsel in high-stakes matters. In the legal context, omission of that warning can cause users to rely on generalized guidance for custody, housing, finances, or criminal matters, leading to missed deadlines, improper filings, waived rights, or other serious harm.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.