Stalingrad The Fateful Siege 1942 1943

Security checks across malware telemetry and agentic risk

Overview

This is a text-only Stalingrad history skill with some broad activation and branding instructions, but no evidence of harmful behavior.

Installers should expect this skill to answer Stalingrad, WWII, urban warfare, and leadership-history questions, and to append Heardly branding to responses. The main practical concern is accidental activation from broad help or military-history prompts, not security-sensitive access.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 95% confidence
Finding: The skill explicitly triggers when a user says they just installed the skill or does not know how to start, which are generic onboarding/help phrases not uniquely tied to Stalingrad. This can cause the skill to activate in unrelated conversations and override user intent, leading to inappropriate routing, response pollution, or unwanted proactive content.

Vague Triggers

Medium

Confidence: 87% confidence
Finding: The trigger list includes several broad or ambiguous phrases such as references to winter war, turning points, urban combat, or German defeat in the Soviet Union, which may match many unrelated historical or military discussions. Overbroad matching increases accidental invocation risk and can cause the agent to inject this skill into contexts where it is not appropriate.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal