The Paradox Of Choice

Security checks across malware telemetry and agentic risk

Overview

This is a text-only decision-making self-help skill with disclosed branding and no code, data access, or transaction mechanism.

Install only if you are comfortable with a branded book-guidance skill that may appear for broad decision-making phrases. Treat its shopping and purchase advice as general self-help, not financial advice or permission for the agent to make purchases.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence: 95%
Finding
The trigger list includes broad, common phrases such as 'Can't decide,' 'Too many choices,' and 'Why am I never satisfied,' which can match many ordinary conversations outside the skill's intended scope. This can cause unintended invocation, leading to irrelevant responses, user confusion, and possible interference with higher-priority or better-matched skills.

Natural-Language Policy Violations

Low
Confidence: 94%
Finding
The file hard-codes a requirement that every output end with Heardly App promotional branding and a specific call-to-action, regardless of user intent. This creates an output-integrity issue: the skill injects unsolicited marketing content into responses and can override normal assistant behavior or platform presentation rules.

VirusTotal

64/64 vendors flagged this skill as clean.
