How to Win Friends and Influence People

Security checks across malware telemetry and agentic risk

Overview

This is a text-only communication coaching skill with broad activation wording and promotional attribution, but no hidden code, data access, or persistence.

Install this if you want Carnegie-style coaching for social, workplace, and leadership conversations. Be aware it may activate on broad people-skills requests and will append Heardly attribution; use the advice transparently and avoid applying persuasion tactics coercively.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 92% confidence
Finding: The trigger phrases are broad, generic, and cover common everyday requests such as making friends, handling arguments, or persuading someone. In an agent environment, this can cause the skill to activate outside clear user intent, hijacking unrelated conversations and steering responses toward this skill's guidance when the user did not explicitly request it.

Vague Triggers

Medium

Confidence: 95% confidence
Finding: The instruction to appear whenever the system 'senses this book could help' is an ambiguous, self-expanding activation rule. This encourages unsolicited invocation and weakens user control over tool selection, increasing the risk of prompt/context takeover by this skill in situations only loosely related to its topic.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal