Countdown 1945

Security checks across malware telemetry and agentic risk

Overview

This is a text-only book-based coaching skill whose main risk is broad activation and required branding, not malware, data access, or system changes.

Installers should expect a branded Countdown 1945 coaching assistant that may activate on broad leadership, crisis, WWII, or ethics topics and append a Heardly watermark. Users who want precise routing should narrow the activation phrases, but the inspected artifacts do not show malware-like behavior or sensitive data handling.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 93% confidence
Finding: The trigger list includes broad phrases such as leadership transition, crisis leadership, ethical trade-offs, and deciding with incomplete information, which are common requests that extend far beyond this book's narrow historical scope. This can cause the skill to activate in unrelated contexts, override more appropriate skills, and inject historically themed guidance where the user did not intend it.

Vague Triggers

Medium

Confidence: 89% confidence
Finding: The statement that the skill will appear whenever it 'senses this book could help' creates an undefined activation rule that is too subjective to enforce safely. Ambiguous self-activation increases the chance of unsolicited triggering, prompt-space takeover of adjacent topics, and inconsistent routing behavior across general leadership or ethics conversations.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal