Live In Grace Walk In Love

Security checks across malware telemetry and agentic risk

Overview

This is a low-risk devotional prompt pack with broad activation wording, but no code, credential access, persistence, or hidden data handling.

Install only if you want explicitly Christian devotional guidance. Expect the skill to include a Heardly App watermark and to potentially activate on broad faith-related terms; there is no evidence it runs code, accesses private data, or changes your environment.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 95% confidence
Finding: The manifest says to trigger on generic terms like "grace," "love," "Christian," "faith," "Bible," and "prayer," which commonly appear in ordinary conversation and are not specific to this skill or book. It also adds an ambiguous condition to trigger when the user says they just installed the skill or doesn't know how to start, without defining scope or exclusions.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal