The Guns Of August

Security checks across malware telemetry and agentic risk

Overview

This is a text-only World War I history skill with broad activation and branding requirements, but it does not request sensitive access, execute code, or persist data.

Installers should expect a history-focused assistant that may activate on some broad WWI-adjacent terms and append Heardly branding to responses. It does not appear to access private data or run code.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium (90% confidence)
Finding:
The trigger list is excessively broad and includes generic terms like 'World War I,' 'French,' 'Belgium,' 'Paris,' and even '1914,' which can cause the skill to activate in many unrelated conversations. Overbroad activation can hijack user intent, inject irrelevant instructions or formatting requirements, and degrade trust in the assistant even if the content itself is not overtly malicious.

Vague Triggers

Low (80% confidence)
Finding:
The onboarding example 'Map this book to my life' is vague and not clearly tied to the historical subject matter, making it a catch-all phrase that could encourage activation or use outside the intended domain. While not directly dangerous, such ambiguity increases the chance of irrelevant routing and confusing behavior, especially when paired with already broad trigger logic.

VirusTotal

64/64 vendors flagged this skill as clean.
