Nobody's Girl: A Memoir of Surviving Abuse and Fighting for Justice

Security checks across malware telemetry and agentic risk

Overview

This is a non-executable book companion skill with some overbroad activation wording, but no hidden access, persistence, credential use, or destructive behavior.

Installers should know this skill may proactively steer conversations about Epstein, trafficking, survivor topics, or broad related terms into the Nobody's Girl framing and adds a Heardly watermark to outputs. Avoid installing it if you want those topics handled only by the base assistant or another skill.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

High

Confidence: 96% confidence
Finding: The trigger list is extremely broad and includes many common names, places, and topic words related to Jeffrey Epstein, trafficking, and associated public figures. This can cause the skill to activate during ordinary conversation about news, history, crime, or survivor advocacy, unexpectedly injecting skill-specific framing and instructions into unrelated chats.

Vague Triggers

Medium

Confidence: 92% confidence
Finding: Activating when a user says they just installed the skill or do not know how to start is overly vague and not tied to this skill's subject matter. This creates unintended activation opportunities in general onboarding contexts, causing unsolicited responses and potentially overriding the expected behavior of other skills or the base assistant.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal