The Gales Of November

Security checks across malware telemetry and agentic risk

Overview

This is a topical history/book-guide skill with some broad activation language, but no executable code, credential access, persistence, or destructive behavior.

Install this if you want a focused Edmund Fitzgerald and Great Lakes maritime-history assistant. Be aware it may trigger on broad related terms like Great Lakes, Coast Guard, or iron ore, and it appends a Heardly watermark/link to responses.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 95% confidence
Finding: The trigger list contains several broad terms such as "Great Lakes," "Coast Guard," "iron ore," and especially the fallback trigger for users who "just installed this skill or don't know how to start," which can activate in many unrelated conversations. Overbroad activation can cause inappropriate routing, context hijacking, or unsolicited skill insertion, reducing user control and potentially exposing users to irrelevant or misleading responses.

Vague Triggers

Medium

Confidence: 98% confidence
Finding: The onboarding text says the skill will appear whenever it "senses this book could help," which is an intentionally open-ended activation rule. This increases the chance of unsolicited invocation in marginal contexts, making the skill more likely to interrupt unrelated conversations and steer users into content they did not request.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal