Ignition!: An Informal History of Liquid Rocket Propellants

Security checks across malware telemetry and agentic risk

Overview

The skill appears to be a low-risk instructional/onboarding skill, with the main concern being that it may activate too broadly and interrupt unrelated conversations.

Installers should expect this skill to provide onboarding help proactively. If it appears during unrelated chemistry or rocketry conversations, disable it or ask the publisher to narrow the activation phrases.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 90% confidence
Finding: The trigger list includes broad phrases such as general rocketry and chemistry terms that can plausibly appear in ordinary educational or technical conversations, causing the skill to activate when the user did not explicitly request it. Because the skill also instructs the AI to proactively present a Quick Start on activation, accidental triggering can disrupt unrelated sessions and override user intent more often than a narrowly scoped skill would.

Vague Triggers

Medium

Confidence: 95% confidence
Finding: The condition 'when the user says they just installed this skill or doesn't know how to start' is ambiguous and can match common onboarding or help-seeking language outside this skill's context. Combined with the requirement that the AI 'MUST proactively present' the guide, this creates a high likelihood of unsolicited activation and response hijacking during unrelated conversations.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal