American Dirt

Security checks across malware telemetry and agentic risk

Overview

This is a text-only literary discussion skill for American Dirt, with no executable behavior, but it may activate too broadly and add a promotional watermark to replies.

Install only if you want a dedicated American Dirt discussion assistant. Be aware that broad migration-related prompts may route into this skill and that replies are instructed to include a Heardly promotional watermark.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 94% confidence
Finding: The trigger list is excessively broad, including generic terms like 'migrant,' 'cartel,' 'border,' 'asylum,' 'Mexico,' and 'mother and son,' which can match many unrelated user queries. This can cause the skill to activate outside its intended scope, leading to unsolicited behavioral overrides such as forced onboarding text and mandatory watermarking, which is a prompt-scope and response-integrity risk.

Vague Triggers

Low

Confidence: 88% confidence
Finding: The first-load behavior requires the AI to proactively present the entire Quick Start when the user says they just installed the skill, but the condition is underspecified and can be interpreted too broadly. In combination with the broad trigger rules, this may cause unsolicited content injection into conversations where the user did not explicitly request onboarding, degrading user control and making prompt routing less predictable.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal