The Power Of Broke

Security checks across malware telemetry and agentic risk

Overview

This is a text-only entrepreneurship coaching skill with some broad activation and promotional watermark behavior, but no hidden code, data access, persistence, or destructive capability.

Installers should expect motivational business guidance that may appear for broad entrepreneurship-related prompts and may append a Heardly App watermark. Treat the advice as general coaching, not professional financial guidance, and verify major business or financing decisions independently.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 91% confidence
Finding: The trigger phrases are extremely broad and include common terms like entrepreneurship, motivation, branding, hustle, and funding, which can cause the skill to activate during unrelated conversations. Overbroad activation increases the chance of unsolicited instruction injection into normal chats, reducing user control and potentially overriding more appropriate skills or baseline assistant behavior.

Vague Triggers

Medium

Confidence: 87% confidence
Finding: The rule to trigger when a user 'just installed this skill or doesn't know how to start' is ambiguous because those conditions are not clearly bounded to this skill's context. This can cause proactive content to appear without a direct request, creating confusing or unwanted takeovers in generic onboarding scenarios and making accidental activation more likely.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal