Play Physical Instrument

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed instructional music-learning skill with only minor routing and low-impact reminder concerns.

Install this if you want practical beginner help with physical instruments. Be aware it may be selected for broad stress-relief or hobby requests, so invoke it explicitly when you want music-learning guidance.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 89% confidence
Finding: The skill description is broadly phrased around common interests like stress relief, creativity, and learning an instrument, which creates a real risk of accidental or overly frequent activation. While the content itself is low-risk and non-sensitive, broad invocation criteria can cause poor tool routing, unnecessary filesystem-enabled skill loading, and user confusion about why this skill was selected.

Vague Triggers

Medium

Confidence: 92% confidence
Finding: The "When to Use" section contains several high-level and ambiguous triggers, such as wanting a screen-free hobby, a creative outlet, or stress relief, without requiring a clear instrument-learning objective. This increases the chance the agent invokes the skill in situations where the user did not ask for music instruction, expanding scope beyond the intended domain.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal