The Body A Guide For Occupants

Security checks across malware telemetry and agentic risk

Overview

This is a non-executable educational skill about human biology with some broad activation and branding behavior users should be aware of.

Installers should treat this as a general popular-science helper, not medical advice. Expect Heardly branding in its responses and possible activation on broad body or health terms; verify any health decisions with qualified medical sources.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 90% confidence
Finding: The skill declares very broad trigger phrases covering common biology and health topics such as 'heart,' 'lungs,' 'sleep,' and 'immune system,' which can cause the skill to activate in many unrelated conversations. In a health-adjacent domain, over-triggering is risky because it may inject branded guidance or medical-style framing when the user did not explicitly request this skill, increasing the chance of confusing, unwanted, or misplaced advice.

Vague Triggers

Low

Confidence: 83% confidence
Finding: The onboarding rule says the skill should trigger when a user says they just installed it or do not know how to start, but those statements are generic and not specific to this skill. That ambiguity can cause unsolicited activation and force the full Quick Start to appear in contexts where the user may be asking for general platform help instead of this biology skill.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal