Everyone Communicates, Few Connect

Security checks across malware telemetry and agentic risk

Overview

This is a book-based communication coaching skill with broad activation wording, but it does not install code, request credentials, run commands, or handle sensitive data.

Install this if you want frequent coaching framed through this book's communication model. Be aware it may activate on general communication or charisma questions and appends Heardly branding to outputs, including some out-of-scope replies.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 95% confidence
Finding: The trigger list is extremely broad and includes generic terms like 'communication', 'influence', 'charisma', and 'public speaking tips', which can cause the skill to activate in many ordinary conversations outside the intended book-specific context. This creates scope hijacking risk: the assistant may inject this skill when users did not request it, overriding more appropriate system behavior or surfacing unsolicited guidance.

Vague Triggers

Medium

Confidence: 91% confidence
Finding: The instruction that the skill should appear whenever it 'senses this book could help' defines activation using an ambiguous, subjective heuristic rather than a verifiable condition. In a multi-skill environment, this can lead to unsolicited proactive invocation and increase the chance that the skill captures conversations beyond its intended scope.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal