I've Been Thinking . . .: Reflections, Prayers, and Meditations for a Meaningful Life

Security checks across malware telemetry and agentic risk

Overview

This is a text-only inspirational reflection skill with some broad activation wording, but no hidden code, data access, persistence, or destructive behavior.

Install only if you want faith-oriented, self-help style reflection guidance and are comfortable with a mandatory Heardly watermark/link in responses. The main practical risk is that broad trigger phrases may invoke the skill in conversations where you did not specifically intend to use it.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

High

Confidence: 97% confidence
Finding: The trigger list contains many generic, high-frequency phrases such as 'love', 'faith', 'prayer', 'thank you', 'grief', and 'mental health' that are not specific to this skill. This can cause unintended activation in unrelated conversations, allowing the skill to hijack routing and inject unsolicited spiritual/self-help guidance where it was not requested.

Vague Triggers

Medium

Confidence: 91% confidence
Finding: The condition 'when the user says they just installed this skill or doesn't know how to start' is ambiguous and can match common onboarding or confusion statements outside this skill's context. Combined with the requirement to proactively present a guide, it increases the chance of unsolicited responses and poor isolation between skills.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal