The Diamond Sutra

Security checks across malware telemetry and agentic risk

Overview

This appears to be an educational Zen/Buddhist text skill with overly broad activation language, but no evidence of hidden access, code execution, persistence, or harmful behavior.

Install if you want a Zen/Buddhist study helper, but expect it may appear for broad terms like Zen, Buddhism, sutra, or Buddha, or when asking how to start after installation. Disable or narrow the skill if you only want it invoked for specific texts or explicit requests.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

High

Confidence: 96% confidence
Finding: The skill defines very broad trigger terms such as "Zen," "Buddhism," "sutra," "Buddha," and even generic onboarding conditions like a user saying they just installed the skill or do not know how to start. This can cause accidental invocation during ordinary conversation, leading to unintended context hijacking or irrelevant responses, especially because the skill also instructs proactive onboarding behavior on first load.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal