The Quran A New Translation

Security checks across malware telemetry and agentic risk

Overview

This is a Quran study skill made of text reference files only, with no code execution or data access, though its activation wording is broader than ideal.

Install this if you want Quran-focused study help with Islamic religious framing. Be aware it may activate on broad religion-related terms and appends a Heardly App watermark to responses.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

High

Confidence: 95% confidence
Finding: The trigger list is extremely broad and includes many generic Islam-related terms, making it likely this skill will activate for queries that are not actually asking for this specific Quran translation or toolkit. This can cause skill hijacking or unintended routing, where users seeking other Islamic topics, other books, or general religious discussion are silently redirected into this skill's framing and instructions.

Vague Triggers

Medium

Confidence: 92% confidence
Finding: The phrase allowing activation when a user says they 'just installed this skill' or 'doesn't know how to start' is ambiguous and not tied to this skill's subject matter. In a shared assistant environment, such generic onboarding language can cause accidental invocation and override the user's intended destination or workflow.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal