Contagious Why Things Catch On

Security checks across malware telemetry and agentic risk

Overview

This is a content-only marketing/book-reference skill with no executable code, credentials, persistence, or data access.

This skill appears safe to install as a book and marketing framework reference. Be aware that generic terms like marketing, viral, emotion, or stories may cause it to appear in conversations where you did not specifically mean this book; disable or ignore it if that becomes noisy.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence: 95%
Finding:
The trigger list includes very broad, generic terms such as "viral," "marketing," "emotion," "stories," and a rule to trigger when a user says they just installed the skill. These can cause the skill to activate in unrelated conversations, leading to unintended routing, response hijacking, and reduced trust in the assistant; while not a direct code-execution issue, it is a real security and safety concern because overly broad invocation expands the skill's control surface unnecessarily.

VirusTotal

64/64 vendors flagged this skill as clean.
