Cricket Stats Skill

Security checks across malware telemetry and agentic risk

Overview

This is a low-risk cricket statistics helper that uses public web lookups and does not install code, persist data, or request credentials.

Install if you are comfortable with the agent using web search and page fetches for cricket questions. For better accuracy, specify format, competition, date range, and men's or women's cricket; consider narrowing the trigger and removing unused Read/Grep permissions if your environment supports fine-grained tool access.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 90% confidence
Finding: The trigger description is broad enough to activate on many general cricket-related prompts, including ones that may not actually require a dedicated stats skill. This can cause unnecessary tool use and over-collection of external data, but it does not by itself create a direct security compromise.

Vague Triggers

Medium

Confidence: 88% confidence
Finding: The instruction to handle 'any cricket data' lacks clear activation boundaries and may cause the skill to respond to loosely related or ambiguous requests. In context, this mostly risks unintended invocation and unnecessary web access rather than harmful capability escalation.

VirusTotal

61/61 vendors flagged this skill as clean.

View on VirusTotal