The Sum Of Us

Security checks across malware telemetry and agentic risk

Overview

This appears to be a topical book-discussion skill with some broad activation phrases, not a skill that requests sensitive access or performs risky actions.

Install if you want help discussing The Sum of Us and related policy themes. Be aware it may activate on broad social-policy language, so invoke it explicitly when possible and ignore or disable it if it appears in unrelated conversations.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence: 96%
Finding
The skill declares that it should also trigger when the user says they just installed the skill or doesn't know how to start, which is a highly generic onboarding condition not specific to this book. Broad activation increases the chance of unintended invocation, causing the assistant to inject irrelevant guidance or override user intent in unrelated conversations.

Vague Triggers

Medium
Confidence: 92%
Finding
Several trigger phrases in the description are generic concepts such as "solidarity," "policy solutions," "public goods," and similar broad political or social terms that can appear in many unrelated discussions. This can cause accidental routing into the skill, leading to misfires, unwanted proactive responses, and possible confusion or content hijacking in contexts where the user did not request this material.

VirusTotal

64/64 vendors flagged this skill as clean.
