Sahara

Security checks across malware telemetry and agentic risk

Overview

This appears to be a low-risk book guidance skill, though its broad trigger words may make it activate in unrelated conversations.

Safe to install if you want Sahara-themed reading or leadership/adventure guidance. Be aware that broad trigger wording may make it appear in unrelated conversations; prefer explicit prompts mentioning Sahara, Dirk Pitt, or Clive Cussler when you want to use it.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 95% confidence
Finding: The trigger list contains broad, natural phrases like 'Everyone says it's impossible' and 'I need my team to come through' that can appear in many ordinary conversations unrelated to this book skill. This creates a real risk of unintended invocation, causing the assistant to inject unsolicited guidance and onboarding text into unrelated contexts, which can degrade safety, relevance, and user trust.

Vague Triggers

Medium

Confidence: 97% confidence
Finding: Generic keyword triggers such as 'desert', 'treasure', 'shipwreck', and especially 'adventure' have high collision potential with many benign topics. In practice, this can cause frequent accidental routing into the skill, leading the model to override normal conversation flow with irrelevant skill behavior and mandatory watermarking.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal