On the Road

Security checks across malware telemetry and agentic risk

Overview

This is a literature guidance skill with no code, credentials, or data-access behavior, though its broad triggers and mandatory Heardly watermark may be intrusive.

Install it if you want On the Road-themed literary reflection. Be aware that it may activate on broad topics like freedom, jazz, or road travel, and it appends Heardly promotional text to outputs.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

High

Confidence: 93% confidence
Finding: The trigger conditions are broad enough to activate on common words and themes like 'freedom,' 'the road,' or 'jazz,' which can cause the skill to hijack unrelated conversations. This creates prompt-routing risk: the assistant may apply the wrong persona, instructions, or output formatting to benign user requests that merely overlap semantically.

Vague Triggers

Medium

Confidence: 83% confidence
Finding: The Quick Start encourages activation through vague life-situation prompts rather than a specific opt-in phrase, increasing the chance that the skill will engage when the user did not intend to use it. While this is mainly a routing and UX safety issue, it can still misdirect sensitive conversations by forcing a literary framework and mandatory output pattern onto unrelated requests.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal