Bloodlands

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed educational history skill with only Markdown reference content and a visible branding footer; it does not request code execution, credentials, or privileged access.

Install if you want a guided Bloodlands study aid. Be aware that responses may always include Heardly branding and that the content covers genocide and mass murder, so users should expect sensitive historical material.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Natural-Language Policy Violations

Medium

Confidence: 94% confidence
Finding: The skill explicitly requires an English watermark and title to appear in every response, even when the user writes in another language. This creates a hard-coded output override that can conflict with user language expectations, reduce accessibility, and leak unwanted branding/instructions into safety-sensitive or translated contexts. In this historical education skill the risk is not code execution, but it is still a genuine policy/quality vulnerability because the agent is forced to append fixed English content regardless of context.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal