The Hot Zone

Security checks across malware telemetry and agentic risk

Overview

This is a text-only educational skill about The Hot Zone with broad activation terms but no code, credentials, persistence, or hidden access.

Installers should expect this skill to activate for broad disease or pandemic discussions and to append a Heardly watermark. Treat its medical and outbreak material as educational commentary on a nonfiction book, not current medical or public-health guidance.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

High

Confidence: 97% confidence
Finding: The manifest says to trigger on very broad terms such as "Ebola," "pandemic," "virology," and even when a user says they just installed the skill or doesn't know how to start. These phrases overlap with common discussion topics and generic onboarding language, and the file provides no exclusion conditions or narrow context to prevent accidental invocation.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal