Human Machine

Security checks across malware telemetry and agentic risk

Overview

This is a text-only Human + Machine business strategy skill; its broad onboarding and required Heardly watermark may be intrusive, but it does not run code, use credentials, or change data.

Use this skill as an advisory framework for AI strategy and organizational design. Before installing, be aware that it may activate on broad AI or future-of-work prompts, show an onboarding guide proactively, and add Heardly attribution to responses; treat its recommendations as business guidance to review, not as automatic operational decisions.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 94% confidence
Finding: The trigger phrases are broad, numerous, and include generic onboarding-style conditions such as users saying they just installed the skill or do not know how to start. This can cause the skill to activate outside its intended scope, override more appropriate skills, and inject unsolicited guidance, increasing the chance of prompt hijacking or user confusion through unintended invocation.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal