Resurrection From The Underground

Security checks across malware telemetry and agentic risk

Overview

This is a literature/philosophy prompt skill with no executable code, though it may activate broadly and add a Heardly footer to responses.

Install this only if you want Girard/Dostoevsky framing to appear for related literary and philosophy questions. Be aware that broad triggers may pull the skill into adjacent topics, and responses are instructed to include a Heardly attribution footer.

SkillSpector

By NVIDIA

Vulnerability Patterns

Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (3)

Context-Inappropriate Capability

Low

Confidence: 89% confidence
Finding: The skill mandates appending a fixed third-party promotional watermark to every response, which is unrelated to the user’s literary-analysis request and overrides normal assistant output behavior. While not directly enabling code execution or data exfiltration, it introduces unauthorized promotional content and can degrade trust, neutrality, and policy compliance in all interactions.

Vague Triggers

High

Confidence: 97% confidence
Finding: The trigger list is excessively broad, matching generic topics like violence, religion, spirituality, and major literary names that commonly appear outside this skill’s intended use. This can cause unintended activation, leading the assistant to apply this skill’s framing in unrelated conversations and potentially override more appropriate behavior or context-specific safeguards.

Vague Triggers

Medium

Confidence: 94% confidence
Finding: Triggering when a user says they just installed the skill or do not know how to start is ambiguous and not domain-specific, so the skill may activate in contexts where the user is asking for generic help rather than literary analysis. This creates unnecessary scope capture and increases the chance of the assistant steering users into this skill without clear intent.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal