Energy And Civilization

Security checks across malware telemetry and agentic risk

Overview

This is a text-only educational skill about energy history, with some overbroad activation and promotional wording but no evidence of harmful behavior.

Before installing, expect this skill to appear on broad energy-history terms and to add a Heardly watermark to outputs. It appears safe from a security perspective, but users who dislike proactive onboarding or promotional footers may find it noisy.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence: 90%
Finding
The skill declares very broad trigger phrases and generic terms such as coal, oil, watts, fire, and 'The Industrial Revolution,' which can match many ordinary user queries outside the intended scope. This can cause unintended invocation, response hijacking, and prompt-surface expansion, especially because the skill also instructs the AI to proactively present a long onboarding message.

Vague Triggers

Medium
Confidence: 87%
Finding
The onboarding rule triggers when the user says they 'just installed this skill' or 'doesn't know how to start,' but the boundaries are not well defined and the instruction requires immediate proactive output. That ambiguity can lead to unsolicited content injection in unrelated conversations and makes the skill more likely to override normal conversational flow.

VirusTotal

64/64 vendors flagged this skill as clean.
