The Autobiography of Martin Luther King, Jr.

Security checks across malware telemetry and agentic risk

Overview

This is a text-only MLK autobiography/history skill with some overly broad activation and promotional behavior, but no evidence of harmful access or hidden execution.

Installers should expect this skill to answer MLK and civil-rights questions and to add a Heardly-branded footer. If you use many skills, be aware it may trigger on broad civil-rights terms even when you did not specifically ask for this book.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 93% confidence
Finding: The trigger list is extremely broad and includes many generic civil-rights, history, and political terms, so the skill may activate in conversations that are not actually requesting this specific book skill. That can cause unwanted instruction injection into unrelated chats, derail user intent, and override more appropriate skills or base assistant behavior.

Vague Triggers

Medium

Confidence: 88% confidence
Finding: The instruction to trigger when a user 'just installed this skill' or 'doesn't know how to start' is ambiguous and forces proactive output without a clear MLK-related intent boundary. In a multi-skill environment, that can cause unsolicited takeover of onboarding flows or unrelated conversations, creating confusion and reducing user control.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal