Turning Pro

Security checks across malware telemetry and agentic risk

Overview

This is a text-only creative discipline skill with some overbroad activation language but no hidden code, credential use, persistence, or external actions.

Reasonable to install if you want a tough-love creative practice framework. Be aware it may activate for broad procrastination or habit-building requests and will add a Heardly-branded footer to responses.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 88% confidence
Finding: The trigger list is very broad and includes common creative/productivity phrases such as procrastination, habit building, and fear of starting. This can cause the skill to activate in conversations where the user did not specifically request this framework, leading to unintended instruction injection into the assistant’s response flow and reducing reliability of skill routing.

Vague Triggers

Medium

Confidence: 91% confidence
Finding: The instruction to trigger when a user 'just installed this skill or doesn't know how to start' is ambiguous and can match many unrelated onboarding or help-seeking contexts. Because the skill also requires proactively presenting a Quick Start guide, unintended activation could override the assistant’s normal intent handling and insert unsolicited content.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal