John Adams

Security checks across malware telemetry and agentic risk

Overview

The available evidence points to a John Adams history skill with no malware or high-impact access signals, though its activation wording may be broader than ideal.

This looks safe to install from the available evidence. Be aware it may respond in some broader American history conversations, so uninstall or disable it if it becomes too eager or gets in the way of more relevant skills.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 89% confidence
Finding: The trigger rules are broad enough to activate on many ordinary history-related conversations, including generic mentions of the American Revolution, Founding Fathers, presidency, or a user saying they just installed the skill. This can cause unintended invocation, response hijacking over more relevant skills, and degraded user trust because the assistant may proactively inject this skill when the user did not specifically request John Adams content.

VirusTotal

61/61 vendors flagged this skill as clean.

View on VirusTotal