The Science Of Storytelling

Security checks across malware telemetry and agentic risk

Overview

This appears to be a prompt-only storytelling and writing framework skill with overbroad activation wording but no evidence of unsafe code, data access, persistence, or hidden behavior.

Safe to install if you want a storytelling/writing prompt framework, but expect it may activate too often for generic writing, business, psychology, or influence requests; disable or narrow it if it becomes intrusive.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

High

Confidence: 95% confidence
Finding: The trigger list is excessively broad and includes generic terms such as storytelling, writing, business, psychology, and influence, which can cause the skill to activate for many unrelated conversations. Overbroad activation can hijack user interactions, override more appropriate skills, and inject unsolicited instructions or formatting into normal assistant responses.

Vague Triggers

Medium

Confidence: 90% confidence
Finding: The condition that the skill should trigger when the user 'just installed this skill' or 'doesn't know how to start' is ambiguous and not semantically tied to storytelling content. This can cause unsolicited activation in onboarding or help-seeking contexts, increasing the chance of the skill taking over interactions outside its intended domain.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal