That Will Never Work

Security checks across malware telemetry and agentic risk

Overview

This is a content-only book companion skill for Netflix startup lessons, with no executable code or sensitive access.

Safe to install if you want a Netflix/That Will Never Work study aid. Be aware it may activate on broad business or Netflix-related prompts and it instructs responses to include a Heardly App watermark, but it does not request credentials, run code, or access private data.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 94% confidence
Finding: The trigger conditions are excessively broad, matching generic terms like 'Netflix', 'startup', 'subscription', 'DVD', and even vague states such as a user saying they just installed the skill or do not know how to start. This can cause the skill to activate outside its intended context, leading to unsolicited interception of user requests and misrouting away from more relevant skills or system behavior.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal