Trick Or Treat A History Of Halloween

Security checks across malware telemetry and agentic risk

Overview

This is a Halloween history reference skill with no executable code, but it may activate too broadly and add Heardly branding to responses.

Install this if you want a Halloween history assistant. Be aware it may activate on loose Halloween-adjacent terms such as candy, costumes, Christian, or America, and it instructs the assistant to append Heardly branding to every response.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 95% confidence
Finding: The trigger list is extremely broad and includes many common Halloween-related terms plus generic onboarding phrases like 'just installed this skill' or 'doesn't know how to start.' This can cause the skill to activate in unrelated contexts, hijack user intent, and insert unsolicited content or formatting requirements into normal conversations.

VirusTotal

50/50 vendors flagged this skill as clean.

View on VirusTotal