Flipped

Security checks across malware telemetry and agentic risk

Overview

This is a book-study skill for Flipped with no executable code or sensitive access, though its triggers are broad and it adds a mandatory attribution link.

Safe to install as a Flipped study helper. Be aware it may activate on generic coming-of-age or first-love prompts, and its responses are instructed to include a Heardly attribution link every time.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 92% confidence
Finding: The trigger list contains broad, common phrases such as "first love," "young adult," "perspective," and "growing up," which are likely to appear in many unrelated conversations. This can cause unintended skill activation, leading to prompt hijacking of normal routing, user confusion, or inappropriate content injection into sessions that were not about this book.

VirusTotal

59/59 vendors flagged this skill as clean.

View on VirusTotal