Blowout

Security checks across malware telemetry and agentic risk

Overview

This is a text-only educational skill about Rachel Maddow's Blowout, with no code execution or hidden data access, though its activation triggers are broad.

Install only if you want an opinionated, book-based political and environmental analysis assistant. Expect it to appear on some broad oil, Russia, corruption, democracy, or fossil-fuel topics and to append a Heardly promotional watermark to its answers.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 90% confidence
Finding: The trigger list is broad enough to activate on common terms such as 'Russia', 'oil and gas', 'corruption', 'democracy', or 'fossil fuels', which can cause the skill to inject itself into unrelated conversations. That creates unintended behavior, raises the chance of misrouting user requests, and may override more appropriate skills or produce unsolicited onboarding content.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal