True Seeing

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only fact-checking skill that uses web searches and waits for user approval before changing text.

Install this when you want explicit article fact-checking. Avoid using it on confidential drafts or sensitive personal/business material unless you are comfortable with extracted claims being used for web searches, and review sources before accepting replacements.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 85% confidence
Finding: The trigger list includes broad natural-language phrases such as requests to check data or verify a passage, which can cause the skill to activate in situations the user did not clearly intend. In a skill that performs web-search-based fact checking and may transform user content, over-broad activation raises the risk of unintended processing, unnecessary external queries, and confusing or privacy-impacting behavior.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The README states that the skill verifies article facts via Web Search but does not warn that article text, extracted claims, or derived search terms may be sent to external services. For a fact-checking tool, users may submit unpublished drafts, confidential business material, or sensitive personal content, so lack of disclosure can lead to unintentional data exposure and privacy/compliance issues.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal