X Hot Topics Daily

Security checks across malware telemetry and agentic risk

Overview

The skill is a coherent X trend summarizer, but it directs the agent to use the regular Chrome profile for X, which may reuse a logged-in personal session.

Review before installing if you do not want an agent using your regular Chrome or logged-in X session. Prefer a dedicated browser profile or logged-out session, keep it read-only, and verify important claims outside X before acting on them.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Natural-Language Policy Violations

Medium

Confidence: 86% confidence
Finding: The skill hard-requires Chinese output regardless of the user's preferred language, which can override user intent and reduce transparency or comprehension for some users. In a security-sensitive or time-critical context, forcing a single language may cause users to miss warnings, misunderstand results, or rely on incorrect assumptions about the output.

VirusTotal

59/59 vendors flagged this skill as clean.

View on VirusTotal