Autobiography Of Mlk

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only MLK educational skill with broad activation wording but no code execution, credential use, persistence, or destructive behavior.

Safe to install for MLK and civil-rights study. Expect it may activate in loosely related history, justice, nonviolence, or onboarding conversations; uninstall or disable it if that feels too intrusive.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 94% confidence
Finding: The trigger list is broad enough to activate on many ordinary historical, social, or educational conversations, and it also includes generic fallback conditions like users saying they just installed the skill or do not know how to start. This can cause the skill to intercept user intent outside a clear invocation boundary, increasing the chance of irrelevant injection into conversations and reducing user control over when the skill is engaged.

Vague Triggers

Medium

Confidence: 91% confidence
Finding: The statement that the skill will appear whenever it 'senses this book could help' describes an ambiguous, subjective activation rule rather than a bounded invocation condition. That ambiguity encourages opportunistic triggering in loosely related contexts, which can lead to unsolicited responses and unexpected takeover of conversations that the user did not intend to route to this skill.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal