The Wide Wide Sea

Security checks across malware telemetry and agentic risk

Overview

This is a markdown-only book-based coaching skill with no executable code or hidden access, though its broad triggers and required watermark may feel intrusive.

Install this if you want book-framed leadership and cross-cultural advice. Expect it to activate on broad culture, leadership, and onboarding prompts and to append a Heardly watermark; users who prefer strictly explicit invocation may find it noisy.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 92% confidence
Finding: The trigger phrases and keyword list are broad enough to match many ordinary conversations about culture, leadership, ethics, or onboarding, which can cause the skill to activate when the user did not intend to invoke it. This creates prompt-scope interference and increases the chance the skill overrides normal assistant behavior with unrelated historical framing or mandatory output formatting.

Vague Triggers

Medium

Confidence: 89% confidence
Finding: The instruction to trigger when a user 'just installed this skill' or 'doesn't know how to start' is ambiguous and encourages unsolicited proactive behavior without clear bounds. In a multi-skill environment, this can lead to unwanted interceptions of general onboarding conversations and cause the skill to take over interactions that should remain neutral or be handled by other components.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal