Understand Me

Security checks across malware telemetry and agentic risk

Overview

This is a text-only thinking-partner skill that asks structured questions and reads user-provided material when relevant, with no executable code or hidden data handling.

Install this if you want a rigorous, direct brainstorming and critique workflow. Be aware that it may push back strongly and may trigger for broad requests about ideas, plans, or documents; provide only materials you are comfortable having the agent read in that conversation.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 89% confidence
Finding: The skill description and trigger examples are broad enough that it could be invoked for many loosely related requests, causing unintended activation. Over-broad routing can expose users to a more aggressive questioning workflow than intended, increase context mixing, and make the agent behave unpredictably in situations where a narrower skill should apply.

Natural-Language Policy Violations

Low

Confidence: 77% confidence
Finding: The instruction to use Chinese by default when the user writes Chinese imposes a language behavior without explicit opt-in. While low severity, defaulting language can create user-experience and policy mismatches in multilingual contexts, especially if quoted content, tools, or downstream outputs are expected in another language.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal