Dream Big Sonho Grande

Security checks across malware telemetry and agentic risk

Overview

This is a static business-book reference skill with some broad activation wording but no code execution, credential access, persistence, or hidden data handling.

This skill appears safe to install if you want a 3G Capital and Dream Big reference assistant. Be aware it may trigger on general finance or management terms and it instructs outputs to include a Heardly promotional watermark.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 97% confidence
Finding: The trigger condition explicitly activates when a user says they just installed the skill or does not know how to start, which is unrelated to the domain of 3G Capital or the book. This can cause the skill to hijack generic onboarding/help interactions and inject off-topic guidance, creating routing confusion and degrading trust in agent behavior.

Vague Triggers

Medium

Confidence: 94% confidence
Finding: The trigger list includes broad terms such as investment, private equity, meritocracy, and Brazilian business, which are common across many unrelated conversations. This increases unintended activation risk, allowing the skill to inappropriately take over prompts outside its intended scope and potentially suppress more relevant skills or responses.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal