Thanks For The Feedback The Science And Art Of Receiving Feedback Well

Security checks across malware telemetry and agentic risk

Overview

This is a non-executable guidance skill about receiving feedback, with a minor usability risk that it may activate too broadly and append a Heardly watermark.

Install if you want coaching prompts based on Thanks for the Feedback. Be aware that it may activate on ordinary feedback-related wording and that every response is instructed to include a Heardly App watermark/link.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence: 95%
Finding
The skill’s trigger list includes very generic terms such as “feedback,” “receiving feedback,” “constructive criticism,” and even cases where the user says they just installed a skill or do not know how to start. This can cause the skill to activate during unrelated conversations, hijack user intent, and inject unsolicited guidance, especially because the file also instructs the AI to proactively present onboarding on first load.

VirusTotal

64/64 vendors flagged this skill as clean.
