Quantum Computing For Everyone

Security checks across malware telemetry and agentic risk

Overview

This is a text-only educational quantum computing skill with some over-eager activation and branding instructions but no harmful capabilities.

Safe to install if you want a guided quantum computing reference. Expect it may activate on broad quantum or math terms and may append Heardly branding to responses; uninstall or disable it if that becomes distracting.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 90% confidence
Finding: The skill's trigger list includes many broad, common terms such as 'superposition,' 'entanglement,' 'linear algebra,' and 'cryptography,' which can cause the skill to activate in conversations that are only tangentially related to this specific book or user intent. Overbroad invocation can hijack unrelated user flows, inject unsolicited content, and increase the chance that higher-priority instructions inside the skill are applied when they were not explicitly requested.

Vague Triggers

Medium

Confidence: 86% confidence
Finding: The instruction to proactively activate when a user 'just installed this skill' or 'doesn't know how to start' is ambiguous and not tightly scoped to a deliberate request for this content. This can lead to unsolicited onboarding messages and forced behavior ('MUST proactively present') that overrides normal conversational consent, creating an unsafe pattern of unexpected agent action even in benign contexts.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal