The Heart Of A Woman

Security checks across malware telemetry and agentic risk

Overview

This is a literary guide skill with disclosed branding, no executable code, and no evidence of data access, persistence, or harmful behavior.

Install this if you are comfortable with the skill appending a Heardly-branded footer and action step to every response. There is no evidence that it runs code, reads private files, stores data, or sends information elsewhere.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Natural-Language Policy Violations

Medium

Confidence: 92% confidence
Finding: The skill hard-requires an English watermark and branding on every response even when the user writes in another language, which overrides the user's language preference and injects unrequested output into all completions. This is not a code-execution or data-exfiltration issue, but it is a genuine policy/UX security concern because it constrains agent behavior without user opt-in and can cause compliance, trust, or localization problems.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal