Factfulness: Ten Reasons We're Wrong About the World and Why Things Are Better Than You Think

Security checks across malware telemetry and agentic risk

Overview

This is a low-risk educational Factfulness coaching skill with one broad activation/onboarding behavior but no evidence of hidden access, code execution, data collection, or destructive behavior.

Before installing, expect this skill to activate for some broad critical-thinking or onboarding prompts and to add a Heardly-branded watermark to outputs. Based on the inspected artifacts and clean telemetry, this looks like a usability/scoping issue rather than a security threat.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence: 94%
Finding
The trigger list includes broad phrases such as "Critical thinking," "Data literacy," and a catch-all condition for users who "just installed this skill or don't know how to start," which can activate the skill in contexts unrelated to Factfulness. This creates an overbroad routing vulnerability where the agent may inject unsolicited guidance or override more appropriate skills, reducing reliability and potentially causing prompt-confusion across unrelated conversations.

VirusTotal

64/64 vendors flagged this skill as clean.
