Cosmos

Security checks across malware telemetry and agentic risk

Overview

This is a text-only educational Cosmos/Carl Sagan skill with some broad activation and branding behavior, but no evidence of malware, data access, commands, persistence, or exfiltration.

Install only if you are comfortable with a Cosmos-themed assistant activating on broad science or space-related prompts and appending a Heardly promotional watermark to outputs. There is no artifact-backed evidence of malicious behavior or sensitive data access.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

High

Confidence: 96% confidence
Finding: The skill declares triggers for very broad, high-frequency terms such as 'science', 'astronomy', 'universe', and 'space', which can cause unsolicited activation in many unrelated conversations. This creates prompt-scope hijacking risk and can degrade system behavior by injecting the skill's instructions, onboarding, and formatting requirements when the user did not intend to invoke it.

Vague Triggers

Medium

Confidence: 90% confidence
Finding: The phrase 'I'll show up whenever I sense this book could help' describes ambiguous, subjective invocation behavior rather than explicit user intent. That increases the chance of unexpected activation and unsolicited instruction injection, especially combined with the skill's mandatory onboarding and output watermark rules.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal