Weather Reading Outdoor Awareness

Security checks across malware telemetry and agentic risk

Overview

This is a weather-awareness guide with no executable code, credential handling, or hidden behavior, though its reminder triggers should be treated as optional guidance rather than automatic outreach.

Install only if you want outdoor weather-preparation advice. If your agent supports automation triggers or reminders, keep seasonal reminders opt-in and avoid storing precise location unless needed.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 89% confidence
Finding: The trigger fires on any activity containing the substring 'outdoor', which is an imprecise condition that can activate the skill in loosely related or unintended contexts. This can cause unsolicited guidance, privacy-invasive prompting about location and duration, or workflow disruption if the host agent auto-invokes skills based on broad text matches.

Vague Triggers

Medium

Confidence: 93% confidence
Finding: This scheduled trigger activates annually whenever a user location is set, without evidence of current user intent or consent to ongoing reminders. In an agent system, that creates a boundary-crossing behavior where retained location data can drive recurring unsolicited outreach, increasing privacy risk and unexpected persistence.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal