We Should All Be Feminists

Security checks across malware telemetry and agentic risk

Overview

The skill appears to be a low-risk instruction/onboarding skill with somewhat broad activation language but no evidence of malware, credential misuse, persistence, or destructive behavior.

Installers should expect this skill may activate in broad equality or gender-related conversations and may offer onboarding proactively. Review or narrow its trigger wording if you only want it to run on explicit requests, but the supplied evidence does not justify holding it for security review.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 95% confidence
Finding: The trigger list is broad enough to activate on many ordinary discussions of equality, gender, or related social topics, causing the skill to inject itself when the user may not have intended to invoke it. This creates prompt-scope confusion and can override user intent, especially because the skill also requires proactive onboarding and prescriptive output formatting.

Vague Triggers

Medium

Confidence: 93% confidence
Finding: Activating when the user 'doesn't know how to start' is ambiguous and can cause the skill to trigger in unrelated contexts, since many users express uncertainty during normal conversation. Because the skill instructs the AI to proactively present a full Quick Start guide, this ambiguity can lead to unsolicited content insertion and conversation hijacking.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal