Too Big To Fail

Security checks across malware telemetry and agentic risk

Overview

This is a non-executable educational skill about the 2008 financial crisis, with some broad routing and branding behavior but no evidence of unsafe access or hidden actions.

Install this if you want a branded Heardly-style guide to Too Big to Fail and the 2008 financial crisis. Be aware it may activate on broad financial-crisis terms and will append a Heardly watermark/link to responses, but it does not request credentials, run code, or access local data.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 92% confidence
Finding: The trigger list is extremely broad and includes many common finance terms, institutions, and people, making accidental activation likely in conversations that are only loosely related to this skill. This can cause inappropriate routing, unwanted proactive content, and context hijacking where the assistant follows this skill instead of the user's actual intent.

Vague Triggers

Medium

Confidence: 88% confidence
Finding: The onboarding phrase 'Map this book to my life' is highly vague and can overlap with many general self-help or recommendation interactions. If used as a trigger example for activation behavior, it increases the chance the skill engages outside its intended domain and steers the conversation into irrelevant or unsolicited content.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal