Turkish Locale Skill Pack 🇹🇷

Security checks across malware telemetry and agentic risk

Overview

This Turkish locale pack is mostly transparent and purpose-aligned, with setup and automation cautions but no artifact-backed malicious behavior.

Install only if you want a Turkish news/market assistant with optional recurring delivery. Review the SOUL.md persona before copying it, confirm any cronjob schedule and Telegram/Discord destination, use a dedicated Telegram bot token, and note that the BIST-named helper is actually a crypto price script.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands

Findings (12)

Description-Behavior Mismatch

High

Confidence: 97% confidence
Finding: The file is named and advertised as BIST100 stock tracking, but the implementation actually fetches cryptocurrency prices from CoinGecko. This mismatch can mislead users, reviewers, and downstream automation into executing functionality they did not intend, which is a supply-chain integrity and trust problem even though it is not direct code execution.

Intent-Code Divergence

Medium

Confidence: 94% confidence
Finding: The filename implies BIST100 prices while the documentation and code implement a crypto price tracker. Even if accidental, deceptive naming increases the chance that operators approve or invoke the wrong capability, especially in agent ecosystems where file names and manifests influence trust decisions.

Context-Inappropriate Capability

Medium

Confidence: 93% confidence
Finding: The skill uses terminal-based shell execution and an inline Python interpreter to fetch and parse RSS content, even though its stated purpose is straightforward news aggregation. Invoking a shell expands the attack surface unnecessarily: if feed URLs, source names, or future user-influenced parameters are interpolated into commands, this can become command injection or arbitrary code execution.

Intent-Code Divergence

Low

Confidence: 84% confidence
Finding: The documentation frames the behavior as simple curl-based RSS retrieval, but the implementation also launches an inline Python interpreter through the shell. That mismatch hides the true execution capability and can mislead reviewers into underestimating the risk of shell access and interpreter chaining.

Vague Triggers

Medium

Confidence: 91% confidence
Finding: Auto-activating on 'user writes in Turkish' or broad Turkish-language keywords is overly permissive and can cause the skill to load in many unrelated conversations. That increases the chance of unintended routing to finance, news, or scheduling workflows, and in this package context it could trigger sub-skills with network access or automation behavior without a sufficiently specific request.

Missing User Warnings

Medium

Confidence: 87% confidence
Finding: Setting up cron jobs and Telegram delivery introduces persistence and external data transmission, but the description does not clearly warn users that enabling the feature may create scheduled tasks and send content to a third-party messaging platform. This is risky because users may not realize they are authorizing ongoing automated behavior beyond the current session.

Vague Triggers

Medium

Confidence: 87% confidence
Finding: The trigger set is broad enough to activate on common Turkish finance conversations such as generic questions about markets, exchange rates, or stocks. That can cause unintended invocation of this skill, which in turn may route user queries to external finance sites and shape responses with finance-specific behavior when the user did not explicitly opt in.

Vague Triggers

Low

Confidence: 80% confidence
Finding: The portfolio watchlist procedure says to 'offer to schedule periodic updates' but does not define consent, retention, frequency limits, or what data is stored. In a system with scheduling or persistence capabilities, that ambiguity can lead to unwanted ongoing monitoring, privacy issues, or excessive notifications.

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The skill instructs the agent to fetch data from multiple third-party websites and APIs, including scraping and terminal-based curl requests, but gives no user-facing disclosure that market queries may be sent off-platform. This creates a transparency and privacy risk because user requests, tracked tickers, and timing of financial interest may be exposed to external providers without informed consent.

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The skill explicitly configures recurring delivery to Telegram/Discord and local file output, but it does not require a clear user confirmation or warn that this creates ongoing outbound messaging or persistent local artifacts. In an agent context, silent scheduling and background delivery can cause privacy issues, unwanted notifications, or unintended data retention if the user does not fully understand that the behavior persists after the initial request.

Vague Triggers

Medium

Confidence: 87% confidence
Finding: The trigger phrases are broad enough to match common, everyday requests such as general news queries, increasing the chance of unintended invocation. Overbroad activation is dangerous because it can cause the agent to run network-fetching logic and external-content processing in contexts where the user did not explicitly request this skill.

Vague Triggers

Medium

Confidence: 86% confidence
Finding: The 'When To Use' section defines activation in broad, ambiguous terms like any request about Turkish news or general current events. In a skill that performs external fetching and summarization, ambiguous routing increases unintended execution and makes it easier for unrelated prompts to trigger network access.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal