Japanese News Briefing　日本語でニュースまとめ

Security checks across malware telemetry and agentic risk

Overview

This is a small Japanese news briefing skill that discloses its scheduled public news and weather lookups and does not include executable code or credential handling.

Install this only if you want Japanese briefings up to four times per day. Review or disable the HEARTBEAT schedule if you do not want recurring external news and weather requests.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (2)

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The skill explicitly states it will automatically run four times per day and collect news via web-search/weather sources, but it does not present a clear user-facing disclosure or consent mechanism for recurring network access. This can surprise users, create privacy/trust concerns, and cause unintended background data retrieval or external requests without informed opt-in.

Natural-Language Policy Violations

Medium

Confidence: 82% confidence
Finding: The rules force Japanese output by default unless the user specifically asks for Chinese, without indicating a general language preference flow or respecting the user's existing locale. This can override user expectations or platform language settings, reducing usability and potentially conflicting with locale-choice policies, though it is not directly a security compromise.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal