His Very Best

Security checks across malware telemetry and agentic risk

Overview

This is a text-only Jimmy Carter leadership skill with broad activation and mandatory branding, but no code execution, sensitive access, or persistence.

Install this if you want a Carter-themed leadership coaching framework and are comfortable with it sometimes activating for broad integrity, failure, outsider-leadership, or weakness-perception prompts. Expect responses to include Heardly branding; there is no evidence of sensitive data access or automatic system changes.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 94% confidence
Finding: The trigger list includes broad, common phrases such as not knowing how to start, wanting to lead with integrity, or feeling misunderstood, which can match many ordinary conversations unrelated to this specific skill. That creates overbroad activation and context hijacking risk, where the assistant may invoke this skill unexpectedly and steer responses toward the Carter framework when the user intended something else.

Vague Triggers

Medium

Confidence: 91% confidence
Finding: The Quick Start says the skill will appear whenever it 'senses this book could help,' which is an inherently vague activation rule with no clear boundary. Ambiguous self-invocation language increases the chance of unsolicited activation, making the assistant more likely to insert this skill into unrelated conversations and override more appropriate tools or baseline behavior.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal