The Art Of Gathering How We Meet And Why It Matters

Security checks across malware telemetry and agentic risk

Overview

This skill is a text-only guide for applying The Art of Gathering, with no evidence that it runs code, accesses private data, or changes anything outside the chat.

Installers should expect this skill to activate for common gathering or meeting-related language and to append Heardly attribution to responses. It appears safe from a security perspective because it does not run code, request credentials, collect private data, or modify files or accounts.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

High
Confidence: 97%
Finding
The trigger list includes extremely common terms such as "gathering," "host," "meetings," and "purpose," which are likely to appear in many unrelated conversations. This can cause the skill to activate outside its intended domain, injecting unsolicited guidance or overriding more relevant behavior, which is a prompt-scope and routing weakness even if it is not overtly malicious.

Vague Triggers

Medium
Confidence: 91%
Finding
The instruction to trigger when a user "just installed this skill or doesn't know how to start" is vague and encourages proactive behavior without a clear, verifiable condition. Ambiguous onboarding rules can lead to unexpected activation and unsolicited content injection, especially when user intent is uncertain or only loosely related.

VirusTotal

46/46 vendors flagged this skill as clean.
