Bad Blood

Security checks across malware telemetry and agentic risk

Overview

This is a markdown-only business-analysis skill about Theranos lessons, with no code execution, credential access, persistence, or hidden data movement.

Installers should expect opinionated Theranos-inspired business guidance and a Heardly branding footer in responses. Treat whistleblowing and legal-protection suggestions as general educational guidance, not legal advice; users facing real misconduct should consult qualified counsel or an appropriate regulator.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 95% confidence
Finding: The trigger list includes several broad, natural-language phrases such as concerns about a company 'doing something wrong' or culture being 'toxic,' which can cause the skill to activate in conversations that are only loosely related to Theranos-style fraud analysis. Overbroad invocation increases the chance of unintended routing, policy bleed-through from this skill into unrelated contexts, and user confusion when specialized guidance is injected where it was not requested.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal