Operation Gladio

Security checks across malware telemetry and agentic risk

Overview

The skill appears to be a topical research or reading aid with an overly broad trigger list, but there is no evidence of hidden actions, data access, persistence, or harmful behavior.

Before installing, consider whether you want this skill to auto-activate on broad historical or political terms. If that would be disruptive, invoke it explicitly or narrow its triggers; otherwise the evidence does not show risky system access or unsafe execution.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 92% confidence
Finding: The trigger list is broad enough to activate on generic political and historical terms such as 'Gladio,' 'Vatican Bank,' 'P2,' or 'years of lead,' which may appear in unrelated discussion or general research contexts. This can cause the skill to hijack conversations unexpectedly, inject a conspiratorial framing into ordinary queries, and reduce user control over when the skill is invoked.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal