Back to skill

Security audit

Emotion Router

Security checks across malware telemetry and agentic risk

Overview

This skill only adjusts a coding agent's response style for urgent, frustrated, or confused prompts and does not add code execution, data access, or persistence.

Install this if you want the agent to adapt how it works when your prompt clearly signals urgency, frustration, or workflow confusion. The main practical risk is occasional over-triggering on ambiguous wording; if that happens, tell the agent to ignore the emotion router and handle the task normally.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Description-Behavior Mismatch

High
Confidence
95% confidence
Finding
The referenced file is an urgency-handling route, while the manifest describes an emotion-focused soft router scoped to urgency, anger/frustration, and workflow confusion. This mismatch can cause the agent to load behavior based on a narrower or different trigger model than intended, leading to misrouting and unsafe prioritization under emotionally charged prompts. Because routing skills influence downstream agent behavior, scope drift is a genuine security and reliability concern.

Vague Triggers

Medium
Confidence
93% confidence
Finding
The default prompt activates on subjective phrases such as 'clear urgency wording,' 'strong anger/frustration signals,' and 'workflow confusion,' which are broad and interpretation-dependent rather than tightly bounded. In a coding-agent routing context, this can cause the skill to trigger on ordinary user frustration or ambiguous wording, leading to unintended routing behavior and increased exposure to any downstream instruction logic the skill applies.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.