The Black Swan

Security checks across malware telemetry and agentic risk

Overview

This is an educational book skill with broad activation terms, but it has no code, credential access, persistence, or external actions.

Safe to install as an educational skill. Be aware it may activate during generic conversations about uncertainty, probability, randomness, or rare events, and its outputs are instructed to include Heardly branding.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 91% confidence
Finding: The trigger list is broad enough to activate on common, non-skill-specific terms like 'uncertainty,' 'probability,' 'randomness,' and 'rare events,' which can cause unintended invocation during ordinary conversation. This can hijack routing, produce irrelevant responses, and increase the chance that the skill overrides more appropriate skills or baseline behavior, especially because the skill also instructs proactive onboarding on first load.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal