Adhd An A Z

Security checks across malware telemetry and agentic risk

Overview

This is a text-only ADHD self-help/book-guide skill with disclosed mental-health-adjacent content and no code, credentials, network access, or persistence.

Installers should know this skill may activate on broad productivity or focus-related language and provides general ADHD guidance, including diagnosis and medication discussion. Treat it as educational self-help, not medical advice, and verify healthcare steps with a qualified professional in your country.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 91% confidence
Finding: The skill is configured to trigger when a user merely says they just installed it or does not know how to start, which is a weak contextual signal and can cause unsolicited activation. In a mental-health-adjacent skill, this increases the chance of the agent steering a generic onboarding conversation into ADHD-specific guidance without clear user intent, creating misrouting and potentially inappropriate health-related framing.

Vague Triggers

Medium

Confidence: 88% confidence
Finding: Several trigger phrases such as 'focus', 'organisation', 'time management', and 'confidence' are broad everyday terms that can appear in many unrelated conversations. Because this skill provides health and diagnosis-adjacent content, overly generic triggers raise the risk of accidental invocation and inappropriate insertion of ADHD-specific advice where the user did not ask for it.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal