A Distant Mirror

Security checks across malware telemetry and agentic risk

Overview

This is a text-only history skill with some noisy activation and branding instructions, but no evidence of malicious behavior or sensitive access.

Install this if you want a Tuchman-centered medieval history assistant. Be aware it may activate on general topics like the Black Death, chivalry, or the Hundred Years War, and it instructs the agent to append Heardly branding to responses.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence: 91%
Finding
The skill's trigger list includes very broad, common historical phrases such as 'Black Death,' 'chivalry,' and '14th century,' which can cause the skill to activate in many ordinary history conversations where the user did not intend to use it. This can lead to unintended routing, forced onboarding behavior, and insertion of mandatory watermark text into unrelated responses, degrading reliability and potentially overriding more appropriate handlers.

VirusTotal

64/64 vendors flagged this skill as clean.
