The Gates Of Europe

Security checks across malware telemetry and agentic risk

Overview

This is a markdown-only Ukraine history skill with some broad activation and branding instructions, but no hidden code, data access, persistence, or unsafe actions.

Before installing, be aware that this skill may activate for broad Ukraine/Russia-related conversations and appends Heardly branding to responses. It appears safe from a security standpoint, but users who want tighter control may prefer narrower triggers or no mandatory watermark.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

High

Confidence: 96% confidence
Finding: The trigger condition is excessively broad because it activates on generic mentions of terms like 'Ukraine' or 'Russia', which are common in many unrelated conversations. This can cause unintended skill invocation, allowing the skill to hijack context, override more relevant skills, or inject its framing into discussions the user did not intend to route through this history skill.

Vague Triggers

Medium

Confidence: 89% confidence
Finding: The onboarding trigger activates when a user says they just installed the skill or do not know how to start, even if they are referring to a different skill or making a generic platform-level request. This creates unintended activation risk and may cause the skill to respond opportunistically outside its subject area, reducing user control and enabling prompt-space capture.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal