Daily Devotion

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent Christian daily-devotion generator with disclosed verse fetching and no evidence of hidden data access, persistence, or harmful behavior.

Install if you want a Christian devotional assistant. Be aware it may use context you or your agent already provided to personalize prayers, may call the OurManna API for a verse, and optional npm/npx helper commands should be reviewed before execution.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (2)

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: The skill explicitly instructs personalization using the user's known context/profile, but provides no disclosure, minimization rules, or consent boundary for how profile data should be used. That creates a privacy risk because sensitive personal context may be inferred or surfaced in devotional content without the user clearly opting in for that level of personalization.

Natural-Language Policy Violations

Medium

Confidence: 95% confidence
Finding: The skill mandates specifically Christian prayer language and prescribed closings without checking the user's religious preference or offering a neutral alternative. In a mixed-user environment, this can lead to unwanted religious content, alienation, or inappropriate responses to vulnerable users who did not consent to faith-specific guidance.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal