The Prize

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed educational book-companion skill about oil history, with no code execution or sensitive access, though its broad topic triggers may activate more often than users expect.

Install this if you want an educational assistant for The Prize and oil-history questions. Be aware it may activate on generic oil, energy, or Middle East mentions, its responses include a Heardly watermark, and its historical coverage is centered on the book through the early 1990s, so current energy-policy claims should be verified separately.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 95% confidence
Finding: The trigger list includes extremely broad terms such as "oil," "energy," "Middle East," and "Saudi Arabia," which are common in many unrelated conversations. This can cause unintended invocation of the skill, leading to irrelevant responses, prompt hijacking opportunities across contexts, and reduced trust in agent behavior. In this context, the skill is educational rather than high-risk, so the issue is not directly dangerous like code execution, but it still materially increases misrouting and cross-skill interference risk.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal