Separated: Inside an American Tragedy

Security checks across malware telemetry and agentic risk

Overview

This is an informational book companion skill with no executable code, data access, persistence, or hidden installation behavior.

Install if you want a strongly framed companion for this book and topic. Expect it to steer conversations about family separation and related immigration terms into this skill, and expect a Heardly watermark in outputs.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 91% confidence
Finding: The trigger list is very broad and includes many generic topic mentions, proper names, and related entities, which can cause the skill to activate outside clear user intent. In a conversational assistant, this can lead to unintended routing, response hijacking, and reduced reliability, especially when users mention immigration, politics, or journalism topics without asking for this skill.

Vague Triggers

Medium

Confidence: 88% confidence
Finding: The instruction to trigger when a user 'doesn't know how to start' or has 'just installed this skill' lacks a precise activation boundary and may cause the skill to proactively respond in unrelated onboarding contexts. That ambiguity can override normal intent selection and surface unsolicited content, making the agent easier to steer into the wrong skill flow.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal