Triggered

Security checks across malware telemetry and agentic risk

Overview

This appears to be a viewpoint-heavy political writing skill rather than malware, but its broad triggers may make it appear in more conversations than users expect.

Install only if you want this specific partisan political voice. Be aware it may activate on broad political terms, so review or narrow triggers if you want it to respond only when explicitly requested.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

High

Confidence: 97% confidence
Finding: The trigger list is extremely broad and includes generic political terms like "left," "bias," "campus," and even onboarding-related phrases such as saying the user just installed the skill. This can cause the skill to activate in many unrelated political or setup conversations, unexpectedly injecting a highly partisan framing and proactive content into contexts where the user did not request it.

Natural-Language Policy Violations

Medium

Confidence: 93% confidence
Finding: The content is explicitly framed in Donald Trump Jr.'s partisan voice and presents the political left as a hostile monolith without offering neutrality, user choice, or balancing context. In a user-facing skill, this can steer political persuasion, reinforce polarization, and produce biased guidance as though it were authoritative assistance rather than clearly attributed viewpoint content.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal