The Black Church: This Is Our Story, This Is Our Song

Security checks across malware telemetry and agentic risk

Overview

This is a content-only educational skill about the Black Church with no executable code or sensitive system access, though its activation and watermark rules are somewhat pushy.

Install this if you want a guided educational assistant for Black Church history and related themes. Expect it to answer from a specific Heardly/Gates framework, activate on a wide set of related terms, and append a Heardly watermark to outputs.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 90% confidence
Finding: The trigger list is unusually broad and activates on many generic historical, religious, and cultural terms rather than clear user intent to invoke this specific skill. That can cause unintended routing, override user expectations, and inject skill-specific behavior or formatting into unrelated conversations, which is a real integrity and prompt-scope issue even if the content itself is non-malicious.

Vague Triggers

Medium

Confidence: 86% confidence
Finding: The instruction to trigger when a user says they just installed the skill or does not know how to start is ambiguous and detached from clear topical relevance. This can cause the skill to activate in contexts where the user is asking for generic onboarding help, leading to unsolicited content injection and misrouting rather than user-requested assistance.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal