The Fourth Part Of The World

Security checks across malware telemetry and agentic risk

Overview

This appears to be a low-impact educational or book-related skill with overly broad activation wording but no evidence of harmful behavior.

Before installing, expect the skill may activate in some general history or exploration conversations where it is not needed. Install it if you want that book/topic framing, and disable or narrow it if it interrupts unrelated work.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 92% confidence
Finding: The trigger phrases are excessively broad and include generic terms like 'America,' 'Columbus,' 'Ptolemy,' 'exploration,' and even users saying they 'don't know how to start,' which can cause the skill to activate in many unrelated conversations. This creates scope-hijacking risk: the agent may inject irrelevant onboarding or book-specific framing into ordinary chats, reducing reliability and potentially overriding more appropriate skills or baseline behavior.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal