Exposure

Security checks across malware telemetry and agentic risk

Overview

This is a text-only educational skill about PFAS and Robert Bilott's book, with no executable code or sensitive access, though it may activate broadly and add promotional text.

Install this if you want book-framed guidance on PFAS, DuPont, environmental accountability, and related advocacy. Expect it to sometimes respond to broad environmental or whistleblowing language and to append a Heardly promotional watermark. Treat legal, health, contamination, or whistleblowing suggestions as educational starting points, not professional advice; use current local sources and qualified experts for real-world decisions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence: 96%
Finding
The manifest says the skill also triggers when a user says they just installed the skill or does not know how to start, but it does not define concrete phrases or limits for that condition. This is overly broad and can overlap with common onboarding language, increasing the chance of unintended invocation.

Vague Triggers

Medium
Confidence: 91%
Finding
Trigger phrases like "water contamination," "chemical company," "drinking water," and "whistleblower" are broad enough to appear in many unrelated conversations. The description does not provide negative examples or contextual restrictions, so these phrases could cause accidental activation outside the intended book-specific context.

VirusTotal

58/58 vendors flagged this skill as clean.
